
Sophos UTM SG330 DHCP Relay not working over Transfer Network

Hey guys,

I have a problem with configuring the DHCP relay on a Sophos SG 330 (9.705-3).

We want to use a RED60 (standard/unified mode) to manage our branch office, so we attached it to an ISP router on a different DSL connection for testing purposes.

This RED60 works fine. Firewall rules are working properly, so I can reach our infrastructure with a PC connected to the RED and vice versa.

In the next step I would like to configure a DHCP relay so that the clients in the remote network get an IP address from our DHCP servers in the local network.

I did the following configurations:

- Added a scope on the local DHCP server with the correct IP network and the appropriate options.

- Activated the DHCP relay option in the Sophos UTM and added the local DHCP server and the two interfaces which forward the DHCP traffic.

- MVZ-Konz is the interface for the remote network, internal LAN for the local network.

- Added a firewall rule (for testing purposes, I don't know if it's necessary for DHCP) with any to any and port 67/68 (I don't know how to restrict this rule because of the way DHCP works). I will delete this if I can get the DHCP relay to work properly.

Because the DHCP relay agent doesn't work as intended, I did a tcpdump on the Sophos UTM. The DHCP request from the client in the remote network reaches the Sophos UTM interface on its remote side. Unfortunately I can't see the traffic forwarded to another interface.

One important side note to our network infrastructure:

We have a transfer network between our Sophos UTM and our L3 core switch (routing between VLANs). This includes the interface "internal LAN" you can see in the picture above (DHCP relay). Obviously, the DHCP server is in another network than the transfer network.

So my question is:

Is this the reason the DHCP relay doesn't work, because I have no Sophos interface in the network the DHCP server is in?

If this is the case, how can I make it work using our internal DHCP server without using the DHCP server function of the Sophos UTM?

Sorry for my bad English, I try my best :-)

I hope you guys know what I mean and can give me tips and solutions for this scenario.

If you need any further information, please let me know.

I haven't written any IP addresses or network configurations because I think they aren't necessary.

Thanks for your help.

regards

Niko

  • Hi Guys,

    In the DHCP relay configuration I've swapped the DHCP server address with the IP address of my core switch. So the DHCP server in the DHCP relay configuration of the Sophos UTM is in the same network as the corresponding interface. Unfortunately the requests don't reach the DHCP server.

    Here are the tcpdumps of interface mvz-konz (reds1)

    and interface internal LAN (eth0)

    Am I right that I have to see outgoing DHCP traffic on eth0 if the configuration is fine?
    Even if this configuration won't work, in my opinion the Sophos has to forward the DHCP packets on eth0.

    Is there another way to see what is wrong here? The DHCP live log doesn't show anything because Sophos isn't acting as a DHCP server, I guess.

    best regards,

    Niko
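As an added illustration (not from this thread or from Sophos) of what a relay agent does to a DHCPDISCOVER and therefore what a capture on the server-facing interface should show: per RFC 1542, the relay stamps giaddr with the address of the interface the request arrived on, increments hops, and forwards the message as a unicast IP packet to the configured server, so the server only needs to be reachable by routing, not on-link. All MAC and IP addresses below are constructed.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie following the 236-byte BOOTP header
RELAY_CLIENT_IF = "10.99.1.1"  # constructed: relay's address on the client-facing (remote) interface


def parse_bootp(pkt: bytes) -> dict:
    """Decode the fixed BOOTP header of a DHCP message into named fields."""
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", pkt[:12])
    ciaddr, yiaddr, siaddr, giaddr = (socket.inet_ntoa(pkt[i:i + 4]) for i in range(12, 28, 4))
    return {"op": op, "hops": hops, "xid": xid, "flags": flags,
            "ciaddr": ciaddr, "yiaddr": yiaddr, "siaddr": siaddr, "giaddr": giaddr,
            "chaddr": pkt[28:28 + hlen].hex(":"),
            "options": pkt[240:] if pkt[236:240] == MAGIC else b""}


def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed client DHCPDISCOVER as it leaves the branch PC (giaddr 0.0.0.0, hops 0)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000)  # BOOTREQUEST, broadcast flag set
    hdr += bytes(16)                                             # ciaddr, yiaddr, siaddr, giaddr
    hdr += mac.ljust(16, b"\x00") + bytes(192)                   # chaddr, sname, file
    return hdr + MAGIC + b"\x35\x01\x01\xff"                     # option 53 = DISCOVER, end


def relay(pkt: bytes, ingress_ip: str) -> bytes:
    """RFC 1542 relay step: set giaddr to the ingress interface if still zero, bump hops.

    A relay that already finds giaddr set leaves it alone, so the server always learns
    the subnet the client really sits on, even across several relays.
    """
    hops = pkt[3] + 1
    if hops > 16:
        raise ValueError("hop limit exceeded, relay must drop the packet")
    giaddr = pkt[24:28] if pkt[24:28] != bytes(4) else socket.inet_aton(ingress_ip)
    return pkt[:3] + bytes([hops]) + pkt[4:24] + giaddr + pkt[28:]


def looks_relayed(pkt: bytes, relay_ifaces: set) -> bool:
    """Check a captured request on the server-facing side: giaddr set to one of the relay's
    interface addresses and hops >= 1. An unmodified client broadcast fails this check."""
    f = parse_bootp(pkt)
    return f["op"] == 1 and f["hops"] >= 1 and f["giaddr"] in relay_ifaces
```

The server uses giaddr, not the source address of the unicast, to choose the scope, which is why the scope on the DHCP server must match the remote network rather than the transfer network.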
