This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Marco_Valenti
Advisor
‎2018-02-06 08:42 AM

Dhcp Relay

Hey all

I would like how all of you is handling dhcp relay configuration nowadays (management r80.10 gateway r77.30 or full r80.10 env) , we found a stable configuration in r77.30 without using the new service for the dhcp aka legacy dhcp relay configuration.

As we moving towards r80.10 I would like to know if someone got some on field experience with that configuration.

Thanks all

5 Replies
Vincent_Bacher
Leader Leader
Leader
‎2018-02-06 11:20 AM

I can just tell that dhcp relay works fine using new service. We don't use legacy. 

OK sorry for this is not a constructive reply Smiley Happy

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
Marco_Valenti
Advisor
‎2018-02-07 12:01 AM
In response to Vincent_Bacher

nah it's fine you just follow the instruction on the sk? have you tried with gaia embedeed appliance tto?

0 Kudos
Vincent_Bacher
Leader Leader
Leader
‎2018-02-07 12:23 AM
In response to Marco_Valenti

yes, the sk explains that well. and no, not yet needed to configure that on gaia embedded

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-02-22 03:32 AM

I would suggest sk97642 Troubleshooting DHCP Relay Issues for help. A short step-by-step guide to check/configure DHCP relay on R77 and up:

1. Each BOOTP primary address should be the VIP of the interface and point to the DHCP server(s)

2. On the DHCP server(s) should be a route back to the served network

3. Kernel parameter fwx_dhcp_relay_nat should be set to 1 on both cluster members (checked)

4. On management machine, in the file "table.def" of the RELEVANT GATEWAY VERSION - search the parameters "no_fold_services_ports” and “no_hide_services_ports” and make sure <67,17> and <68,17> do not exist in those lines (delete them).

5. Disconnect all GUI clients from management, then through GuiDBedit search under "network objects" for “perform_cluster” and make sure the parameters “perform_cluster_fold” and “perform_cluster_hide_fold” are set to “true”

6. Install policy

7. Perform the following procedure to add a new NAT rule above the NO NAT rule for the internal networks:

Create new/check objects with the following IP addresses:

    Group with both DHCP servers
    VIP of the relayed network
    Internal network to be relayed

Then add a new manual NAT rule of the following:

Original packet:

    Source: Relayed Network
    Destination: DHCP servers
    Port: bootp(67)

Translated packet:

    Source: VIP of relayed network
    Destination: Original
    Port: Original

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Marco_Valenti
Advisor
‎2018-02-22 08:01 AM
In response to G_W_Albrecht

thanks god despite multiple dhcp relay configurations that are actually working  I never had to go through this , but thanks anyway

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events