Sophos UTM SG330 DHCP Relay not working over Transfer Network

Hey guys,

I have a problem configuring the DHCP relay on a Sophos SG 330 (9.705-3).

We want to use a RED60 (standard/unified mode) to manage our branch office, so we attached it to an ISP router on a different DSL connection for testing purposes.

This RED60 works fine. Firewall rules are working properly, so I can reach our infrastructure from a PC connected to the RED and vice versa.

In the next step I would like to configure a DHCP relay so that the clients in the remote network get an IP address from our DHCP servers in the local network.

I did the following configurations:

- Added a scope on the local DHCP server with the correct IP network and the appropriate options.

- Activated the DHCP relay option in the Sophos UTM and added the local DHCP server and the two interfaces which forward the DHCP traffic.

- MVZ-Konz is the interface for the remote network, internal LAN for the local network.

- Added a firewall rule (for testing purposes; I don't know if it's necessary for DHCP) with any to any and ports 67/68 (I don't know how to restrict this rule because of how DHCP works). I will delete this once I get the DHCP relay to work properly.

Because the DHCP relay agent doesn't work as intended, I did a tcpdump on the Sophos UTM. The DHCP request from the client in the remote network reaches the Sophos UTM interface on the remote side. Unfortunately I can't see the traffic forwarded to another interface.

One important side note to our network infrastructure:

We have a transfer network between our Sophos UTM and our L3 core switch (routing between VLANs). This includes the interface "internal LAN" you can see in the picture above (DHCP relay). Obviously, the DHCP server is in a different network than the transfer network.

So my question is:

Is this the reason the DHCP relay doesn't work, because I have no Sophos interface in the network the DHCP server is in?

If this is the case, how can I make it work using our internal DHCP server without using the DHCP server function of the Sophos UTM?

Sorry for my bad English, I try my best :-)

I hope you guys know what I mean and can give me tips and solutions for this scenario.

If you need any further information, please let me know.

I haven't written any IP addresses or network configurations because I think they aren't necessary.

Thanks for your help.

regards

Niko



  • Hallo Niko and welcome to the UTM Community!

    "We have a transfer network between our Sophos UTM and our L3-Core switch (Routing between VLAN's)"

    Please show a diagram with IPs.  If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51.  That lets us see immediately which IPs are local and which are identical or just in the same subnet.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    thanks for your reply and sorry for the missing information.

    Below you will find further information:

    As you can see, the DHCP server is not in the same network as the interface "internal LAN", which is part of the configuration in the DHCP relay tab of the Sophos.

    I hope this information is sufficient. Please let me know if you need anything more.

    Best regards,
    Niko

  • Hello Niko,

    as far as I understand, DHCP requests are only forwarded to other network segments that are attached directly to the UTM. This is the way we use it, and it's working.

    The only way I could imagine this to work, would be your L3 switch again relaying the DHCP requests.

  • Hello SebastianRudolph,

    Thanks for your reply.
    I guess you are right here.
    Although this seems neither logical nor practicable. Particularly because of the conversion of broadcast traffic to unicast, I hoped it would work the way I tried.
    I haven't tried your idea of relaying the DHCP packets from the Sophos UTM to the core switch and letting it forward them again to the correct network. I will give it a try as soon as possible and report back!

    Again, thank you very much for your idea and help.

    best regards

  • Hi Guys,

    In the DHCP relay configuration I've swapped the DHCP server address with the IP address of my core switch, so the DHCP server in the DHCP relay configuration of the Sophos UTM is in the same network as the corresponding interface. Unfortunately the requests don't reach the DHCP server.

    Here are the tcpdumps of interface mvz-konz (reds1)

    and interface internal LAN (eth0)

    Am I right that I have to see outgoing DHCP traffic on eth0 if the configuration is fine?
    Even if this configuration won't work, in my opinion the Sophos has to forward the DHCP packets on eth0.

    Is there another way to see what is wrong here? The DHCP live log doesn't show anything because the Sophos isn't acting as a DHCP server, I guess.

    best regards,

    Niko
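
The thread turns on what a DHCP relay agent is supposed to do with the client's broadcast and what a capture on the server-facing interface (eth0 here) should therefore show. The following script is an added example written for this page, not Sophos UTM code and not something any poster ran: it builds a DHCPDISCOVER, applies the relay-agent rewrite from RFC 1542 / RFC 2131 (increment hops, set giaddr to the relay's own address on the client-facing interface if it is still zero, forward as unicast to the configured server), and returns the checks a tcpdump of the forwarded packet should satisfy. It also shows the chained-relay case discussed above (UTM relays to the core switch, which relays again): the second relay must leave giaddr untouched, otherwise the server's reply goes to the wrong hop. All IP addresses, the client MAC and the subnet are constructed for illustration.

```python
"""Simulate the BOOTP/DHCP relay-agent rewrite (RFC 1542 / RFC 2131) so a
tcpdump on the server-facing interface can be checked against what the
relay is expected to emit.

Added example for this thread, not Sophos UTM code. All addresses, the
client MAC and the interface roles are constructed for illustration.
"""
import ipaddress
import socket
import struct

# Fixed-length BOOTP header (RFC 951): 236 bytes, then the DHCP magic
# cookie, then TLV options.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255
DHCPDISCOVER, DHCPOFFER = 1, 2
MAX_HOPS = 16  # RFC 1542 section 4.1.1: discard if hops exceeds this


def build_discover(xid, mac):
    """DHCPDISCOVER as it leaves the client: op=BOOTREQUEST, all address
    fields zero, broadcast flag set, hops=0, giaddr=0.0.0.0."""
    hdr = BOOTP.pack(BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                     b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                     mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return hdr + MAGIC + bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER, OPT_END])


def parse(pkt):
    """Decode the fields a relay troubleshooter cares about."""
    (op, _htype, hlen, hops, xid, _secs, flags, _ciaddr, yiaddr, _siaddr,
     giaddr, chaddr, _sname, _file) = BOOTP.unpack_from(pkt, 0)
    if pkt[BOOTP.size:BOOTP.size + 4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, BOOTP.size + 4
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        length = pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": op, "hops": hops, "xid": xid, "broadcast": bool(flags & 0x8000),
        "yiaddr": socket.inet_ntoa(yiaddr), "giaddr": socket.inet_ntoa(giaddr),
        "chaddr": chaddr[:hlen].hex(":"),
        "msg_type": opts.get(OPT_MSG_TYPE, b"\0")[0],
    }


def relay_request(pkt, relay_if_ip):
    """Relay-agent rewrite on the client-facing interface: bump hops, fill
    giaddr with the relay's address on *that* interface only if giaddr is
    still zero (a second relay in a chain must not overwrite it). The
    result is then sent as unicast UDP 67 to the configured server."""
    f = list(BOOTP.unpack_from(pkt, 0))
    if f[0] != BOOTREQUEST:
        raise ValueError("relay only forwards BOOTREQUEST toward the server")
    f[3] += 1
    if f[3] > MAX_HOPS:
        raise ValueError("hops exceeded, packet discarded")
    if f[10] == b"\0" * 4:
        f[10] = socket.inet_aton(relay_if_ip)
    return BOOTP.pack(*f) + pkt[BOOTP.size:]


def check_relayed(pkt, client_net, server_ip, dst_ip):
    """What a capture on the server-facing interface should confirm for the
    forwarded request. dst_ip is the IP destination seen in the capture."""
    p = parse(pkt)
    return {
        "unicast_to_server": dst_ip == server_ip,
        "giaddr_in_client_net": ipaddress.ip_address(p["giaddr"])
        in ipaddress.ip_network(client_net),
        "hops_incremented": p["hops"] >= 1,
        "still_a_request": p["op"] == BOOTREQUEST,
    }


def build_offer(request, yiaddr, server_ip):
    """Server side: copy the request header, flip op, fill yiaddr/siaddr.
    giaddr is preserved, which is how the reply finds its way back."""
    f = list(BOOTP.unpack_from(request, 0))
    f[0], f[8], f[9] = BOOTREPLY, socket.inet_aton(yiaddr), socket.inet_aton(server_ip)
    return BOOTP.pack(*f) + MAGIC + bytes([OPT_MSG_TYPE, 1, DHCPOFFER, OPT_END])


def reply_destination(reply, relay_if_ip):
    """The server unicasts the reply to giaddr; the relay owning that address
    then delivers it on the client-facing interface, as a broadcast if the
    client set the broadcast flag, otherwise unicast to yiaddr."""
    p = parse(reply)
    if p["op"] != BOOTREPLY or p["giaddr"] != relay_if_ip:
        raise ValueError("reply is not addressed to this relay interface")
    return "255.255.255.255" if p["broadcast"] else p["yiaddr"]


if __name__ == "__main__":
    # Constructed topology: client net 10.20.1.0/24 behind the RED, relay
    # interface 10.20.1.1, DHCP server 10.0.5.10 behind the L3 core switch.
    disc = build_discover(0x1234, bytes.fromhex("001122334455"))
    fwd = relay_request(disc, "10.20.1.1")
    print(parse(fwd))
    print(check_relayed(fwd, "10.20.1.0/24", "10.0.5.10", "10.0.5.10"))
    second_hop = relay_request(fwd, "10.0.9.1")  # core switch relaying again
    print("giaddr after second relay:", parse(second_hop)["giaddr"])
    offer = build_offer(fwd, "10.20.1.50", "10.0.5.10")
    print("reply delivered to:", reply_destination(offer, "10.20.1.1"))
```

In practice the equivalent check on the UTM is a capture on the server-facing interface filtered to UDP 67 (for example `tcpdump -ni eth0 udp port 67`): if the relay is doing its job you should see unicast packets to the configured server whose giaddr is the relay's address in the RED network, and the server's replies coming back to that giaddr. If nothing leaves on that interface, the problem is before routing (relay not forwarding), not in the core switch.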