cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

DHCP relay communications are being dropped by IPS signature DHCP, how can I restore communication?

Jump to solution

We have been having this problem during this week, every day at the same time the IPS discards the DHCP requests that go through the firewall, attached image.
I would like to know how we can restore the communication, I have already tried to add an exception for that DHCP signature, but it does not work. What we have had to do is restart the firewall to reestablish communication with the DHCP server.
It should be mentioned that all other communications pass the firewall without problem.

IPS.jpg

any help is appreciated.

Thanks

Tags (2)
0 Kudos
1 Solution

Accepted Solutions

Re: DHCP relay communications are being dropped by IPS signature DHCP, how can I restore communicati

Jump to solution

Exactly how did you add the DHCP exception?  Unless you did so by clicking the "Add Exception" directly from the log card, you almost certainly did not add the exception in the correct place to make it effective.  There are separate exceptions for Inspection Settings, Core Activations, IPS ThreatCloud Signatures, generic Threat Prevention exceptions, plus slightly different rules for properly applying exceptions on R77.30 gateways.  The only reliable way to ensure the exception is in the right place is creating it from the log card hyperlink.

Anyway what I think you need to do is uncheck "Perform Strict DHCP Options Enforcement" as shown in the screenshot below, just make sure you do it for the proper IPS profile applied to your gateway:

dhcp.jpg

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
3 Replies
Admin
Admin

Re: DHCP relay communications are being dropped by IPS signature DHCP, how can I restore communicati

Jump to solution
How are you attempting to apply the exception?

If this is happening every day at the same time, you should be able to get a packet capture and open a TAC ticket.
This would allow us to potentially fix the false positive.
0 Kudos

Re: DHCP relay communications are being dropped by IPS signature DHCP, how can I restore communicati

Jump to solution

Exactly how did you add the DHCP exception?  Unless you did so by clicking the "Add Exception" directly from the log card, you almost certainly did not add the exception in the correct place to make it effective.  There are separate exceptions for Inspection Settings, Core Activations, IPS ThreatCloud Signatures, generic Threat Prevention exceptions, plus slightly different rules for properly applying exceptions on R77.30 gateways.  The only reliable way to ensure the exception is in the right place is creating it from the log card hyperlink.

Anyway what I think you need to do is uncheck "Perform Strict DHCP Options Enforcement" as shown in the screenshot below, just make sure you do it for the proper IPS profile applied to your gateway:

dhcp.jpg

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Re: DHCP relay communications are being dropped by IPS signature DHCP, how can I restore communicati

Jump to solution

Thank you, this has solved for me the issue.

Regards.

0 Kudos