Sophos UTM SG 135 problem with internetconnection / DHCP

Hi there,

I have a strange problem with an internet connection on an SG 135 with the current firmware version.

Two identical cable connections from Vodafone Kabel Deutschland with 1 Gbit each on ETH1 and ETH2 are configured identically on the UTM. Both lines have a static IP that is assigned by the provider via DHCP. Line one has been running smoothly for almost two years. Now a second line has been added, it always runs for about 30 minutes, then it is gone for about 30 minutes. In the log file I see that after the lease has expired, the UTM tries to re-establish the connection. She tries that for about 30 minutes, after which it works again. The uplink balancing is also correctly switched on. Both interfaces are configured as standard gateways.

I have already swapped different Internet interfaces on the UTM, no improvement. In the log file I see the following:

reverseproxy/usr/dehydrated/bin/renew_certificate.pl > /dev/null)

2020:12:22-19:29:09 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:29:30 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:29:41 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:30:00 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:30:01 gw /usr/sbin/cron[23544]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl > /dev/null)

2020:12:22-19:30:01 gw /usr/sbin/cron[23545]: (root) CMD ( /usr/local/bin/reporter/system-reporter.pl)

2020:12:22-19:30:01 gw /usr/sbin/cron[23546]: (root) CMD (/var/mdw/scripts/pmx-blocklist-update)

2020:12:22-19:30:01 gw /usr/sbin/cron[23547]: (root) CMD ( /usr/local/bin/rpmdb_backup )

2020:12:22-19:30:17 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:30:30 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:30:44 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:31:01 gw /usr/sbin/cron[24101]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl > /dev/null)

2020:12:22-19:31:02 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:31:19 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:31:27 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:31:35 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:31:47 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:32:01 gw /usr/sbin/cron[24563]: (root) CMD ( nice -n19 /usr/local/bin/gen_inline_reporting_data.plx)

2020:12:22-19:32:01 gw /usr/sbin/cron[24564]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl > /dev/null)

2020:12:22-19:32:06 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:32:14 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:32:34 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:32:43 gw dhclient: DHCPREQUEST for 24.134.95.205 on eth1 to 88.134.230.2 port 67

2020:12:22-19:32:43 gw dhclient: DHCPACK of 24.134.95.205 from 88.134.230.2

2020:12:22-19:32:43 gw dhclient: bound to 24.134.95.205 -- renewal in 1228 seconds.

2020:12:22-19:32:48 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:33:01 gw /usr/sbin/cron[25076]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl > /dev/null)

2020:12:22-19:33:08 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 255.255.255.255 port 67

2020:12:22-19:33:17 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 255.255.255.255 port 67

2020:12:22-19:33:26 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 255.255.255.255 port 67

2020:12:22-19:33:26 gw dhclient: DHCPACK of 24.134.237.101 from 88.134.230.2

2020:12:22-19:33:26 gw dhclient: bound to 24.134.237.101 -- renewal in 1554 seconds.

Then after a while this comes up:

19:32:06 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:32:14 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:32:34 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:32:43 gw dhclient: DHCPREQUEST for 24.134.95.205 on eth1 to 88.134.230.2 port 67

2020:12:22-19:32:43 gw dhclient: DHCPACK of 24.134.95.205 from 88.134.230.2

2020:12:22-19:32:43 gw dhclient: bound to 24.134.95.205 -- renewal in 1228 seconds.

2020:12:22-19:32:48 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 88.134.230.2 port 67

2020:12:22-19:33:01 gw /usr/sbin/cron[25076]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl > /dev/null)

2020:12:22-19:33:08 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 255.255.255.255 port 67

2020:12:22-19:33:17 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 255.255.255.255 port 67

2020:12:22-19:33:26 gw dhclient: DHCPREQUEST for 24.134.237.101 on eth2 to 255.255.255.255 port 67

2020:12:22-19:33:26 gw dhclient: DHCPACK of 24.134.237.101 from 88.134.230.2

2020:12:22-19:33:26 gw dhclient: bound to 24.134.237.101 -- renewal in 1554 seconds.

2020:12:22-19:34:01 gw /usr/sbin/cron[25630]: (dehydrated) CMD (/var/chroot-reverseproxy/usr/dehydrated/bin/renew_certificate.pl > /dev/n


I have no idea what else to try.

Any help is very welcome.

Cheers,

Horst

  • Hi ,

    Thank you for reaching out to the Community! 

    What is the firmware version on your firewall? 

    Can you share a screenshot of Uplink Balancing?  Did you select automatic monitoring? 

    Did you define the gateway for the new WAN interface on the UTM? 

    If UTM is sending DHCP requests and does not get DHCP Ack from the server, it needs to be looked at at the upstream device. 

    Thanks,

     

     
    Harsh Patel (H_Patel)

    Community Support Engineer | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' button.

  • Hi  ,

    thanks for the answer.

    Here are my ansers:

    What is the firmware version on your firewall? 

    Firmware is 9.705-3

    Did you define the gateway for the new WAN interface on the UTM? 

    Yes, see attachments. WAN1 & WAN2 are from the same Provider and are identical configured. WAN2 ist the one who disconnect ever 30 minutes.

    If UTM is sending DHCP requests and does not get DHCP Ack from the server, it needs to be looked at at the upstream device.

    I opend several tickets at the provider. He told me everthing is OK on his side :-(

    Thanks for helping me.

    Horst

    WAN1:

    WAN2

  • Hello Horst,

    why don‘t  you just use a static definition, if you know your static ip settings?

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Phillip,

    because provider allow  only DHCP. I tried it with static settings, but after 30 minutes same problem.

    Strange thing is, when I set the provider modem from brigde mode into router mode, the DHCP setting from the modem works fine. With that setting i have double nat  wich is not my way...

  • Hello,

    i have never heard that Vodafone only allows DHCP in that setup.

    Is the 30 min error happening on both lines, then?

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hello Phillip,

    his is the strage thing... If i set the lines to static setup, the 30 minute error occurs on bot lines. Line 1 is configured with dhcp an runs since 2 years without problem. Vodafone said something wrong with my firewall, they have no problem with their setup...

    Gruss aus dem Saarland :-)

    Horst

  • Hello Horst,

    can you exchange both modems with each other?

    Does the error go with the modem?

    Or does it stay at th second line?

    you don‘t have a switch between the UTM and the modems?

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Philipp,

    if i change the modems vice versa error stays at line 2. There is no switch between UTM and the modems. Also i tried to fix the speed of the ethernetinterface to 1 gig, was not helping :-(

  • Hello Horst, do the modems share the same uplink cable?

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Philipp,

    no, both modems have its own uplink cable to the "Hausanschluss" Another strange thing is, if i set the modem of line two instead of bridge mode into router mode, the line stays up and running.