When you use the internal DHCP server of the XG firewall and have configured DHCP static entries on, e.g., the LAN, and you then move the endpoint, e.g. a laptop, to a branch office behind a RED, where the XG also provides IP addresses (via the RED) on another network, the static endpoint will never get an IP and will revert to an APIPA address.
This is because the XG’s DHCP server is configured for static entries only on the subject network, and the endpoint is not on that LAN, so it cannot get an IP.
Personally I think this is a “bug”, as the server should figure this out by itself, as e.g. the UTM does!
Regardless, back to the solution: luckily the “Sophos XG Firewall Command Reference Guide v16” tells us how to solve this on page 36:
Manage scope of Static lease
dhcp static-entry-scope{global|network|show}
So go to the console of the XG as described in the guide above and type:
And voila! – the endpoint on the branch connection now gets its IP matching that network 🙂