Static entry bug?

You have a static entry configured in the DHCP scope of subnet A. You move the client to subnet B, and make it static from the 'DHCP leases' tab using the 'use an existing host' option. The outcome is that the host record now contains the IP from subnet B, but when the DHCP OFFER is sent to the client, the IP address is correct, but the default gateway is from the network configured on the original static entry, subnet A. As such, the client has a DG it can't reach. The behaviour is consistent. 

If you create a new host for management via DHCP, you can't save it if the address is not in the chosen DHCP range - you get (e.g.) "IP 192.168.1.150 is not in network 192.168.2.0/24 of the chosen interface."

Is this intended behaviour or a bug?



  • Yes, that's a bug within the GUI.

    If you try to add the new IP/MAC to an existing host, the IP for this host is changed, but not the DHCP Server/Scope/Subnet.

    If you open the network object afterwards, you are unable to save until you correct this error.

    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Thanks - does this get reported to Sophos by some mechanism?

  • Someone has to open a support-ticket.

    This is possible for a customer with platinum-support or a partner.

    This needs a lot of time (money).

    Or we have luck and a Sophos staff member will read this post and solve this problem for us.

    Dirk


  • The following might be related to this bug.

    Main lan network = 10.10.1.0/24, interface ip = 10.10.1.1
    vlan4 network (same physical interface as main lan) = 10.10.4.0/24, interface ip = 10.10.4.1

    Client on vlan 4 using gateway ip (from bug above) of main lan 10.10.1.1 has full internet connectivity. That is,

    client ip addr = 10.10.4.100/24
    gateway = 10.10.1.1
    dns = 1.1.1.1

    Why does this client on subnet 10.10.4.0/24 have access to 10.10.1.1?

    It seems as though the main lan ip is an alias of some sort for the vlan gateways.  The expected behavior is no internet connectivity, and no pinging of the 10.10.1.1 from 10.10.4.0/24 clients. All the icmp options under firewall/icmp are unchecked.

    Only the main lan is defined in the web filtering/global/allowed networks.

  • Actually, that makes sense now. The USB installer bug (where you have to manually mount the USB drive before installing) is at least 5 years old (it bit me the first time I installed). I've found another bug where when I edit any of my wireless networks, it automatically changes everything back to the very first wireless network I created (name, SSID and password) and wipes out the one I was editing. The one it changes them back to doesn't actually exist any more either.

    This begs the question - if they aren't using us as beta testers, what is the value to Sophos in giving UTM away for free to home users? 

  • I haven't seen this, Dave.  One thing that's not well documented is that the static IPs for DHCP are not reservations like in Windows DHCP.  Static IPs must be set outside the dynamic range of the DHCP server.  When you created the new Host on the 'DHCP Leases' tab, had you already deleted the old Host definition that had the same MAC address?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • FormerMember in reply to dirkkotte

    Hi  

    Thank you for reporting this, but it is not a bug but expected behavior. If the existing host is in network 192.168.1.0/24 and interface eth0, when you try to add a new IP which is not part of that network and interface, UTM will present you with the error message to correct the interface/DHCP server.

    The interface/DHCP server and IP address of the static host should be in the same network. 

    To avoid an IP address clash between regularly assigned addresses from the DHCP pool and those statically mapped make sure that the latter are not in the scope of the DHCP pool. For example, a static mapping of 192.168.0.200 could result in two systems receiving the same IP address if the DHCP pool is 192.168.0.100 – 192.168.0.210.

    Thanks,
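
Added example (not part of any post in this thread, and not Sophos code): a small Python audit of static DHCP mappings for the two rules stated above (the static IP must be in the network of the DHCP server it is bound to, and outside that server's dynamic pool), plus duplicate MACs across host definitions. The server and host records and their field names are constructed for illustration; they are not a UTM export format.

```python
import ipaddress
from collections import Counter

# Constructed sample data (not a real UTM export); field names are assumptions.
SERVERS = {
    "A": {"network": "192.168.1.0/24", "gateway": "192.168.1.1",
          "pool": ("192.168.1.100", "192.168.1.200")},
    "B": {"network": "192.168.2.0/24", "gateway": "192.168.2.1",
          "pool": ("192.168.2.100", "192.168.2.200")},
    "C": {"network": "192.168.0.0/24", "gateway": "192.168.0.1",
          "pool": ("192.168.0.100", "192.168.0.210")},
}
HOSTS = [
    {"name": "ok-host", "mac": "00:00:5e:00:53:01", "ip": "192.168.1.20", "server": "A"},
    {"name": "moved-client", "mac": "00:00:5e:00:53:02", "ip": "192.168.2.50", "server": "A"},
    {"name": "pool-clash", "mac": "00:00:5e:00:53:03", "ip": "192.168.0.200", "server": "C"},
    {"name": "old-definition", "mac": "00:00:5e:00:53:02", "ip": "192.168.1.30", "server": "A"},
]

def audit(hosts, servers):
    """Return sorted (host name, finding) pairs for inconsistent static mappings."""
    findings = []
    mac_count = Counter(h["mac"].lower() for h in hosts)
    for h in hosts:
        ip = ipaddress.ip_address(h["ip"])
        srv = servers[h["server"]]
        net = ipaddress.ip_network(srv["network"])
        lo, hi = (ipaddress.ip_address(a) for a in srv["pool"])
        if ip not in net:
            # The OFFER would pair this IP with srv's gateway, which the client cannot reach.
            fits = [n for n, s in servers.items() if ip in ipaddress.ip_network(s["network"])]
            findings.append((h["name"], f"ip outside network of server {h['server']}; "
                                        f"gateway {srv['gateway']} unreachable; fits {fits}"))
        elif lo <= ip <= hi:
            # Static mapping overlaps the dynamic range, so two systems could get the same IP.
            findings.append((h["name"], "ip inside dynamic pool"))
        if mac_count[h["mac"].lower()] > 1:
            findings.append((h["name"], "mac used by more than one host definition"))
    return sorted(findings)

if __name__ == "__main__":
    for name, issue in audit(HOSTS, SERVERS):
        print(f"{name}: {issue}")
```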

  • Hi H_Patel,

    the problem is, the GUI doesn't correct me ...

    First ... you have a host definition with DHCP settings from yesterday. Yesterday the host was connected to subnet A. DHCP settings (IP & DHCP scope) are from subnet A.

    Today you connect the host to subnet B. The host receives the correct IP & subnet data for subnet/scope B.

    If you now show the list of dynamically assigned IP addresses and select "make static", the host (currently using a dynamically assigned address from subnet B) is assigned an IP from subnet B but keeps the DHCP server/scope from the IP assigned before (subnet A). ... There is no option to change this at this point.

    So the next DHCP answer sends the IP from subnet B and the gateway from subnet A.

    If you open the host definition you have to correct IP and DHCP scope before you are able to save.


    Dirk


  • Hi Dirk,

    I agree that the GUI should refuse to make a Static Host with an IP inside the dynamic range of the DHCP server.  I think you already knew that there's no such thing as a "reservation" like there is in Windows DHCP.

    Cheers - Bob

     