Nebula NCC blocked by firewall
Hello @Zyxel_Judy
I'm going to ask my client if he can let me place another switch there with DHCP Guard active and see if I can replicate the problem.
I cannot revert back the config with the switch in production, it could lead to malfunctions with PCs, VoIP phones and cameras.
If I can reproduce it with another Nebula model, could it be good for you?
I have a spare GS1920-8HP somewhere, so we can see if there is a bug with "V4.80(ABXQ.4) | 04/10/2024" firmware for XGS2220-54HP
Please let me know also via PM
0 -
DHCP Guard is not just an enable/disable option; there are more options.
Sophos can see DHCP Discover, which is why the switch is 0.0.0.0, but if you don't set up a port to be trusted, the offer will be blocked by the switch.
0 -
Hi @PeterUK ,
The behavior of DHCP Server Guard varies based on the mode of operation. There is no setting for trusted ports for DHCP servers when operating in cloud mode.
- Cloud Mode: In this mode, only the first DHCP server that assigned an IP address to the Nebula device is permitted to assign IP addresses to devices in the management VLAN.
- Standalone Mode: Allows setting multiple trusted ports for DHCP servers, offering more flexibility in designating trusted DHCP sources.
0 -
Hi @GiuseppeR ,
Thank you for your willingness to cooperate and test this issue.
We need to point out that testing with a GS1920 model may not produce relevant results for your original situation. Since you would be using a different model (GS1920 vs XGS2220-54HP) on a different Nebula site, even if connected to the same Sophos device, the test results would not be directly comparable. This approach would not effectively determine whether there's an issue with the DHCP server guard functionality or a bug in the GS2220 firmware.
Without access to your customer's initial Sophos configuration and complete network scenario, attempts to replicate this issue in alternative setups may lead to inconsistent or misleading results.
We recommend that if this issue recurs with your customer, please follow the steps we provided earlier to confirm the problem and then share the switch tech-support logs with us for proper analysis.
0 -
Hi @PeterUK
As said by @Zyxel_Judy, I could not select the port for DHCP Guard because my config was Nebula based, so I would like to understand how to cooperate with Zyxel to replicate this issue and try to fix it.
0