Link to home
Create AccountLog in
Avatar of Mal Osborne
Mal OsborneFlag for Australia

asked on

Wyse thin client firmware and DHCP problmes.

Hi.

I have recently replaced some SonicWALL devices in our branch offices with Cisco ASA5506X devices. They are running Firepower Threat Defence. 6.2.0.0. (NOT ASA). Behind the ASA5506Xs are Wyse thin client devices, Model No Cx0, Prod Id C10LE. The Wyse devices obtain a DHCP address form the Cisco ASA5506X, then pull down their config from the head office, via a site to site VPN set up by  the Cisco device to a peer.

It mostly works.

The problem I have, is that the Wyse devices do not renew their DHCP lease. Lease time is set to one hour, and there seems no way to change this on the Cisco device. After an hour, the Wyse just displays "DCHP lease expired", and kicks the user out. Power cycling the device allows them to continue their session once more. Other devices (the occasional PC) work fine. The Wyse devices work fine when getting their DHCP leases from other DHCP servers, however every other DHCP server they have used has been configured with a lease of over a week.

It seems to me that the firmware on the Wyse devices have a problem, so I would like to upgrade it. Current versions is 8.0_210. I have checked with Dell, it seems that I need a support contract to access firmware. These devices, however, are documented as "End of life" in May 2014, so a contract cannot be had. This is odd, as several of our devices have a manufacture date of July 2014.

So questions:
1. Has anyone seen these devices exhibit this behaviour before?
2. Any hints as to how I might obtain newer firmware?
Avatar of Panagiotis Toumpaniaris
Panagiotis Toumpaniaris
Flag of Greece image

Hello,

In Firepower threat defense configuration, In "DHCP" -> "DHCP Server" Settings, there should be an option "Lease Length" that equals to the lease time in seconds. The default is 3600 seconds for 1 hour. You can change it to 43200 for 12 hours or 86400 for 1 day, or any other value you want up to 1048575 seconds.

Hope it helps,
Panagiotis
Avatar of Mal Osborne

ASKER

I am not using FMC, but managing the ASA5508X directly. Does not seem to have an option for DHCP lease time.
In CLI can't you change option 51 ?  
something like
dhcpd option 51 43200

Open in new window

That is the lease time and it should be implemented according to RFC 2132.
CLI configuration is not supported at all with the FTD software.
ASKER CERTIFIED SOLUTION
Avatar of Panagiotis Toumpaniaris
Panagiotis Toumpaniaris
Flag of Greece image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
I am assuming that the EOL on the Wyse clients is an error. It is not normal for anything to be EOL'd months before it is made! Getting newer firmware from Dell is proving bloody difficult though.
My understanding is that with the FTD firmware, only configuration via the GUI, or an FMC is supported, the CLI can be used for troubleshooting only.

Having said that, I guess it will do no harm to attempt to configure DHCP lease time that way, I will give it a try.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Dear Author
that is a really unlucky combination there indeed. Although having said that, the problem with the client is clearly a bug and shouldn't require a payment to fix. As if the wyse clients weren't over priced to begin with..

Keep us posted, and good luck!
Still working on this. :(

I have so far managed to pay for "software maintenance" on the Wyse firmware, but it is still proving awkward to actually obtain it. Unsure if it will fix the issue.
Paying for overpriced thin clients would suggest better support on the long run, but I guess this is just wishful thinking.
Cancel the request for closing if you like so that you can close it when you have actually have the problem solved.

Honestly, I thought that paying for support would ultimately worked out a solution... Hope that everything works out in the end.
Well after all said, paying up for a firmware upgrade must have been the only solution.