In this article, we will show you how to configure DHCP options on a Sophos firewall with the SFOS operating system.
Since SFOS v18.5 MR3 there are now DHCP options in the GUI. This makes configuration a lot faster and easier.
To assign DHCP options, you first need a DHCP server. This can be created via the admin interface. Sophos has already explained how to do this in its own knowledge base article:
Important: The DHCP name should not contain spaces or special characters. Use e.g. CamelCase or separate with hyphen (-) or underscore (_).
On versions before SFOS v18.5 MR3, the DHCP options are not found in the WebAdmin GUI. You have to connect to the appliance via SSH to set them. On Windows there is the tool PuTTY, and on macOS the preinstalled Terminal can be used. In the terminal, enter the following command into the console:
ssh admin@192.168.1.1
When using PuTTY, only the IP address needs to be entered. The IP address can of course be different for your firewall. After that, you still need to enter your username and password to log in to your firewall via SSH.
Sophos has written its own knowledge base article for this, but from our point of view it is not that easy to understand. What we find very useful about this article, however, is the additional information about the DHCP options. That’s why we’re linking to Sophos’s KB post here as a supplement, so you can find the full table with all the options: https://community.sophos.com/kb/en-us/123529
For example, do you have the problem that the integrated access point of a Sophos RED 15w at an outdoor location is not detected? Let’s take this case as an example and walk through how you can create a DHCP option for it.
Before you can fill the option with data, you must first define an option. The command looks like this:
system dhcp dhcp-options add optioncode <Nr> optionname <SAMPLE-NAME> optiontype <TYPE>
Important: The < and > in my examples mark placeholders. Remove them when you enter the command.
The working command for our example now looks like this:
system dhcp dhcp-options add optioncode 234 optionname dhcp_magic_ip optiontype ipaddress
Now that the option has been defined, we still need to bind a value to it. The command looks like this:
system dhcp dhcp-options binding add dhcpname <DHCP-NAME> optionname <SAMPLE-NAME>(234) value <VALUE>
The working command for our example now looks like this:
system dhcp dhcp-options binding add dhcpname dhcp_red_avanet optionname dhcp_magic_ip(234) value 10.10.10.12
Now that we have explained which two commands need to be issued, we will show you a few examples to make it easier to create your own Sophos Firewall DHCP Options.
With this option you tell a ThinClient on which server the image is located.
system dhcp dhcp-options add optioncode 161 optionname ThinClientServer optiontype ipaddress
system dhcp dhcp-options binding add dhcpname DHCP_Server_Avanet_LAN optionname ThinClientServer(161) value '10.10.10.12'
This command now specifies the port at which the ThinClient can report to the server. Here the optiontype is not ipaddress but string. In the best case, the manufacturer of the device will provide you with this information.
system dhcp dhcp-options add optioncode 192 optionname ThinClientServerPort optiontype string
system dhcp dhcp-options binding add dhcpname DHCP_Server_Avanet_LAN optionname ThinClientServerPort(192) value '443'
The DHCP options can drive you crazy and you can spend hours searching for the right commands. Colleague Robert shares his experience with us here (thank you).
Part 1: One defines what exactly is to be configured:
A DHCP option value (IP) should be applied in the internal DHCP scope “Home_Scope”, which I configured in the GUI. In my setup, the WDS server listens on the IP: 172.16.16.11
system dhcp dhcp-options binding add dhcpname Home_Scope optionname TFTP_Server_Name(66) value 172.16.16.11
Part 2: You define where a client can find the pre-environment:
system dhcp dhcp-options binding add dhcpname Home_Scope optionname Bootfile_Name(67) value \boot\x64\wdsnbp.com
Pre-environment means a boot file containing a standard VGA driver, network card drivers, and mouse and keyboard drivers. The pre-environment is the window you work with during Windows setup.
You may also want to delete such an option again, in which case the command would be as follows:
system dhcp dhcp-options delete optionname dhcp_magic_ip(234)
This command will give you a list of all DHCP options already defined on the Sophos firewall.
system dhcp dhcp-options list
To see which options are bound to a particular DHCP server, use:
system dhcp dhcp-options binding show dhcpname <DHCP-NAME>
The working command for our example now looks like this:
system dhcp dhcp-options binding show dhcpname DHCP_Server_Avanet_LAN
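The binding show output tells you what the firewall is configured to hand out. To confirm what a client actually receives, you can decode the options field of a captured DHCP reply (the bytes after the DHCP magic cookie) and compare it with your bindings. The following is an added example, not part of the original article or of Sophos tooling; the function names and the sample bytes are constructed for illustration, and string options are assumed to be sent as ASCII text.

```python
import ipaddress

# Option types from the article's examples (assumption: 66/67 carry ASCII text).
OPTION_TYPES = {234: "ipaddress", 161: "ipaddress", 192: "string",
                66: "string", 67: "string"}

def parse_options(data: bytes) -> dict:
    """Walk the code/length/value records of a DHCP options field (RFC 2132)."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:                      # pad byte, has no length field
            i += 1
            continue
        if code == 255:                    # end marker
            break
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        opts[code] = opts.get(code, b"") + value  # repeated codes concatenate (RFC 3396)
        i += 2 + length
    return opts

def decode(code: int, raw: bytes) -> str:
    """Render a raw value according to the optiontype it was defined with."""
    kind = OPTION_TYPES.get(code)
    if kind == "ipaddress":
        if len(raw) != 4:
            raise ValueError(f"option {code}: expected 4 bytes, got {len(raw)}")
        return str(ipaddress.IPv4Address(raw))
    return raw.decode("ascii") if kind == "string" else raw.hex()

def check_bindings(data: bytes, expected: dict) -> dict:
    """Return {code: problem} for each expected option that is missing or wrong."""
    opts, problems = parse_options(data), {}
    for code, want in expected.items():
        if code not in opts:
            problems[code] = "missing"
        elif decode(code, opts[code]) != want:
            problems[code] = f"got {decode(code, opts[code])!r}, expected {want!r}"
    return problems

# Constructed sample: options field of a DHCP OFFER (53 = message type 2),
# followed by the article's options 234, 161 and 192 and the end marker.
SAMPLE = (bytes([53, 1, 2, 234, 4, 10, 10, 10, 12, 161, 4, 10, 10, 10, 12, 192, 3])
          + b"443" + bytes([255]))
```

An empty result from check_bindings means every expected option arrived with the bound value. A "missing" result can also mean the client never asked for that code in its parameter request list (option 55), so check the request as well.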