3 Replies Latest reply on Feb 1, 2016 3:44 PM by dwinland

    DHCP Server in NGFW

    dwinland

      I am attempting to use the DHCP server option in NGFW 5.10.

      I have an interface 192.168.150.5 on which I have turned on a range of IPs to be offered.

      I have a laptop that tries to get an IP from the interface (both on the same switch), but no IPs appear to be given.

       

      I have a rule to allow  ANY source -- 192.168.150.5 destination --- and ANY service allowed

      A reply rule   192.168.150.5 source -- DHCP Scope ips destination ---and ANY service allowed

       

      Any thoughts appreciated

        • 1. Re: DHCP Server in NGFW
          thyvarin

          Hi,

           

          In 5.8 and later versions, automatic rules are generated for traffic related to features where connections are opened to or from the NGFW nodes themselves:

          http://help.stonesoft.com/onlinehelp/StoneGate/SMC/5.10.0/GUID-B600254D-05E2-4B55-9709-3C3DC772024C.html

           

          So when you enable the DHCP server feature on one of the firewall interfaces, automatic rules are created and should allow DHCP requests from clients, and DHCP replies from the firewall nodes. When the DHCP server feature is enabled, the firewall should be listening on UDP port 67 (bootps):

           

          root@fw-sg-5-10-2:~# netstat -pan |grep 67

          udp        0      0 0.0.0.0:67              0.0.0.0:*                           12602/dhcpd

           

          If the FW is listening for DHCP requests, then the next step would be to run tcpdump on the interface that is configured as the DHCP server.

           

          BR,

          Tero
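
An added example, not part of the original reply and not the product's own tooling: the port check from the reply above, written so that only a UDP socket whose local port is exactly 67 counts, since a bare `grep 67` also matches PIDs and ports such as 6700. The function names, the interface placeholder and all sample lines except the dhcpd line quoted in the reply are constructed assumptions.

```shell
#!/bin/sh
# Added example (constructed): decide from `netstat -pan` output whether a
# DHCP server is really bound to UDP port 67.

# udp_listeners PORT: reads netstat output on stdin and prints
# "local-address program" for each UDP socket whose local port is exactly PORT.
udp_listeners() {
    awk -v port="$1" '
        $1 ~ /^udp/ {
            n = split($4, parts, ":")            # field 4 is the local address
            if (parts[n] == port) print $4, $NF  # last field is PID/program
        }'
}

# dhcp_server_listening: exit status 0 if something is bound to UDP 67.
dhcp_server_listening() {
    [ -n "$(udp_listeners 67)" ]
}

# Sample input. The dhcpd line is the one quoted in the reply; the other
# lines are constructed to show what a bare `grep 67` would also match.
SAMPLE_OK='udp        0      0 0.0.0.0:67              0.0.0.0:*                           12602/dhcpd
udp        0      0 0.0.0.0:6700            0.0.0.0:*                           6701/otherd'
SAMPLE_BAD='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1267/sshd
udp        0      0 0.0.0.0:6700            0.0.0.0:*                           6701/otherd'

# check_live IFACE: run on the firewall node; IFACE is a placeholder for the
# interface configured as DHCP server. Not called automatically.
check_live() {
    if netstat -pan 2>/dev/null | dhcp_server_listening; then
        echo "UDP 67 is bound; next step:"
        echo "  tcpdump -ni $1 'udp and (port 67 or port 68)'"
    else
        echo "nothing is bound to UDP 67: the DHCP server is not running"
    fi
}
```
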

          • 2. Re: DHCP Server in NGFW
            dwinland

            Thanks Thyvarin.

             

            I had failed to look at the port.

             

            I see the system is not listening on that port....

             

            Will give customer support a call.

            • 3. Re: DHCP Server in NGFW
              dwinland

              Found the problem.  I was uploading my new policy....but had not hit the "save" icon.

               

              Did not understand that a "save" had to be performed prior to "upload" of policy.

               

              Client help was able to figure it out for me.