adriangutierrez
Participant

DHCP relay communications are being dropped by IPS signature DHCP, how can I restore communication?

We have been having this problem this week: every day at the same time, the IPS discards the DHCP requests that go through the firewall (image attached).
I would like to know how we can restore the communication. I have already tried to add an exception for that DHCP signature, but it does not work. What we have had to do is restart the firewall to reestablish communication with the DHCP server.
It should be mentioned that all other communications pass the firewall without problem.

IPS.jpg

Any help is appreciated.

Thanks

0 Kudos
3 Replies
PhoneBoy
Admin
How are you attempting to apply the exception?

If this is happening every day at the same time, you should be able to get a packet capture and open a TAC ticket.
This would allow us to potentially fix the false positive.
0 Kudos
Timothy_Hall
Champion

Exactly how did you add the DHCP exception?  Unless you did so by clicking the "Add Exception" directly from the log card, you almost certainly did not add the exception in the correct place to make it effective.  There are separate exceptions for Inspection Settings, Core Activations, IPS ThreatCloud Signatures, generic Threat Prevention exceptions, plus slightly different rules for properly applying exceptions on R77.30 gateways.  The only reliable way to ensure the exception is in the right place is creating it from the log card hyperlink.

Anyway, what I think you need to do is uncheck "Perform Strict DHCP Options Enforcement" as shown in the screenshot below; just make sure you do it for the proper IPS profile applied to your gateway:

dhcp.jpg

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
adriangutierrez
Participant

Thank you, this has solved the issue for me.

Regards.

0 Kudos
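
For the packet capture suggested in the thread, a structural check of the DHCP options in each relayed message can show which client or relay sends options that a strict parser would reject. This is an added example, not part of the original thread and not Check Point's IPS logic (the thread does not describe what the protection checks); it applies only RFC 2131/2132 framing rules, and `check_dhcp_options`, `build` and the sample payloads are constructed for illustration, assuming the UDP payload has already been extracted from the capture.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: marks the start of the options field
HEADER_LEN = 236                    # fixed BOOTP fields that precede the cookie
# Options whose length is fixed by RFC 2132 (code -> required length)
FIXED_LEN = {1: 4, 50: 4, 51: 4, 53: 1, 54: 4, 57: 2}

def check_dhcp_options(payload: bytes) -> list:
    """Walk the option TLVs of one DHCP message (UDP payload); return problems found."""
    if len(payload) < HEADER_LEN + 4:
        return ["payload shorter than BOOTP header plus magic cookie"]
    if payload[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        return ["magic cookie missing or wrong"]
    opts = payload[HEADER_LEN + 4:]
    problems, seen, ended, i = [], set(), False, 0
    while i < len(opts):
        code = opts[i]
        if code == 0:        # Pad option: one byte, no length field
            i += 1
            continue
        if code == 255:      # End option: one byte, no length field
            ended = True
            break
        if i + 1 >= len(opts):
            problems.append(f"option {code}: length byte missing")
            break
        length = opts[i + 1]
        if i + 2 + length > len(opts):
            problems.append(f"option {code}: length {length} overruns packet")
            break
        if code in FIXED_LEN and length != FIXED_LEN[code]:
            problems.append(f"option {code}: length {length}, expected {FIXED_LEN[code]}")
        seen.add(code)
        i += 2 + length
    if not ended:
        problems.append("End option (255) missing")
    if 53 not in seen:
        problems.append("option 53 (DHCP message type) absent")
    return problems

def build(options: bytes) -> bytes:
    """Constructed sample: zeroed BOOTP header + cookie + the given option bytes."""
    return bytes(HEADER_LEN) + MAGIC_COOKIE + options

# Constructed payloads, not taken from the thread's capture
GOOD = build(bytes([53, 1, 1, 55, 2, 1, 3, 255]))
BAD = build(bytes([53, 2, 1, 1, 12, 10]) + b"ab")

if __name__ == "__main__":
    for name, pkt in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_dhcp_options(pkt) or "no structural problems")
```

Messages that produce findings here are the ones worth attaching to the TAC ticket alongside the matching IPS log entries.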
