Sounds a similar config to mine. What is the detail/information in the discard event?
It's showing a packet filtering from a source of the DHCP server interface and destination of the same for BOOTP. When I declare a rule to allow it, the drop references the same rule (in the IPv4 ruleset).
sounds similar to what I have seen but you still need to see the info/detail when you double click the event. It should show a break down in the lower right box of all the specifics, quite far down the list it will show an info or detail message that will say why it is really discarded. Mine today was spoofed packet and I got it sorted from that. I'll try get back online later and get a screenshot of where I mean on the event
Sorry if this is going down the wrong route but here is the screenshot of the detail I'd be looking for in the log event by double clicking it:
Also worth mentioning that the rule I originally put in my policy for remote clients getting to the DHCP server using BootP (S & C) was showing as unused, so today i disabled it and my mobile VPN still works!
Let me know what the event shows!