I recently set up Sophos XG Firewall in my Home Lab and set up VLANs, firewall rules, DHCP relays to point to my Windows DHCP Server, etc. After I had everything working, I decided to add in the rest of my VLANs and create relays so they all worked without a hitch. After doing this, something that should not have affected other already working VLANs, nothing was getting DHCP addresses. I spent MANY hours trying to figure out why. I tried changing all of my firewall rules to any-any, etc.

After looking in the logs, I noticed this:

Firewallmessageid="02002" log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" in_interface="Port1.21" out_interface="" src_mac="68:b5:99:6f:b5:fe" src_ip="10.124.216.41" src_country="" dst_ip="10.124.219.254" dst_country="" protocol="UDP" src_port="67" dst_port="67" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature"

I was getting a block by firewall rule 0 on Appliance Access as Denied. But why? A – it shouldn't be a firewall rule blocking it because I put in an Any-Any rule.

Here is my setup so you can understand the issue. In Sophos, Windows DHCP, I set up DHCP subnets for all three VLANs. Then in Sophos, I set up a DHCP relay for just the Clients VLAN. It worked! I was getting IP addresses assigned to the Clients. Then I decided to set up VLANs for every subnet and made quite a few other changes to get it to that perfect lab I was hoping for. I looked up and noticed all my Chromecasts were saying they couldn't get an IP. I checked and sure enough, it was no longer dishing out IP addresses.

The Resolution

After much trial and error, I found that the fact I put a DHCP relay on the subnet the DHCP server was on was causing all the DHCP requests to fail. Someone may have a better understanding of it and can explain better in the comments, but my assumption is: when the DHCP request goes out, it gets blasted to the entire VLAN to find a DHCP server by blasting out to port 67/68 UDP in search of a DHCP server. The gateway at 192.168.2.1 forwards this to the 192.168.1.0/24 VLAN and it receives the blast on that subnet for the response, and blasts that back out to the requesting VLAN.
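As an added example (not code from the original post), the script below parses Sophos XG key="value" firewall log lines like the one above and pulls out denied DHCP packets. It classifies each packet by its UDP port pair, since DHCP clients send from port 68 while servers and relay agents use port 67, so a 67-to-67 drop is relay-agent traffic rather than a client broadcast; it also notes when the drop is logged under Appliance Access with fw_rule_id 0, which is why an Any-Any user rule did not change anything. The first sample line is the post's own log line trimmed to the fields used; the second is constructed.

```python
import re
from typing import Dict, List, Optional

# Sophos XG firewall logs are flat lines of key="value" pairs.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Sample lines: the first is the post's denied packet (trimmed), the second is constructed.
SAMPLE_LOGS = [
    'messageid="02002" log_type="Firewall" log_component="Appliance Access" '
    'log_subtype="Denied" status="Deny" fw_rule_id="0" in_interface="Port1.21" '
    'src_ip="10.124.216.41" dst_ip="10.124.219.254" protocol="UDP" '
    'src_port="67" dst_port="67"',
    'messageid="02001" log_type="Firewall" log_component="Firewall Rule" '
    'log_subtype="Allowed" status="Allow" fw_rule_id="3" in_interface="Port1.10" '
    'src_ip="0.0.0.0" dst_ip="255.255.255.255" protocol="UDP" '
    'src_port="68" dst_port="67"',
]

def parse_line(line: str) -> Dict[str, str]:
    """Turn one key="value" log line into a dict."""
    return dict(KV_RE.findall(line))

def dhcp_leg(rec: Dict[str, str]) -> Optional[str]:
    """Classify a UDP record by DHCP ports: clients use 68, servers and relay
    agents use 67, so 67->67 is relay/server traffic, not a client request."""
    if rec.get("protocol") != "UDP":
        return None
    return {
        ("68", "67"): "client-to-server",
        ("67", "68"): "server-to-client",
        ("67", "67"): "relay-server",
    }.get((rec.get("src_port"), rec.get("dst_port")))

def find_dropped_dhcp(lines: List[str]) -> List[Dict[str, object]]:
    """Return every denied DHCP packet and whether the drop came from the
    appliance-access (local service) policy rather than a user firewall rule."""
    hits = []
    for rec in map(parse_line, lines):
        leg = dhcp_leg(rec)
        if leg is None or rec.get("status") != "Deny":
            continue
        # fw_rule_id 0 under "Appliance Access" means no user firewall rule matched
        local = rec.get("log_component") == "Appliance Access" and rec.get("fw_rule_id") == "0"
        hits.append({"leg": leg, "in_interface": rec.get("in_interface", ""),
                     "src": f"{rec.get('src_ip')}:{rec.get('src_port')}",
                     "dst": f"{rec.get('dst_ip')}:{rec.get('dst_port')}",
                     "appliance_access": local})
    return hits
```

Running `find_dropped_dhcp(SAMPLE_LOGS)` reports a single relay-server drop on Port1.21 flagged as an appliance-access denial, which is the pattern to look for before touching firewall rules.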