Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
hcampuzano
Participant

How to configure DHCP for PXE Booting

Is it possible to configure Checkpoint as DHCP server to forward PXE requests to a Distribution Point for Windows imaging?
The PXE server and the firewall are on the same subnet and the firewall is the DHCP server.
The new clients that request the image installation cannot communicate with the Distribution Point (PXE server) because the DHCP server (the firewall) is not sending the PXE requests.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

Sounds like this should be configured on the PXE server itself, not via DHCP.
See the following: https://techcommunity.microsoft.com/t5/configuration-manager-blog/you-want-to-pxe-boot-don-t-use-dhc... 

0 Kudos
(1)
six
Explorer

Checkpoints are useless at this - you have to go into the operating system files and manually edit them. https://askubuntu.com/questions/874648/setting-options-66-and-67-for-isc-dhcp-server

The fact there is no way of doing this from the management server or Gaia in 2024 is pretty damning.

0 Kudos
_Val_
Admin
Admin

Hey @six, putting aside your unprofessional and disrespectful tone, are you aware that Gaia is not based on Ubuntu?

0 Kudos
six
Explorer

Good afternoon. I am sorry you feel this is unprofessional but we all must accept that there are flaws with Check Point and this is one them. The solution I linked to is the correct fix for this issue -  it's a Linux operating system so it doesn't matter if it's Ubuntu or Gaia.

0 Kudos
Bob_Zimmerman
Authority
Authority

Strictly, it can be done from the management server. A tool called cprid_util can be used to push files to, pull files from, or run arbitrary non-interactive commands on a firewall which reports to a given management. cprid_util can also be used via the /run-script Gaia API call.

Sure, it's less convenient than proper support for DHCP options in clish and via the Gaia API would be, but it's at least possible.

I do wish Check Point would give up on clish. I understand the goal: it's nice to have a single "configuration" rather than state spread across dozens of files. Greatly simplifies change management, auditing, and so on. It just doesn't work well. It's consistently the worst part of interacting with a firewall or management server. Useless for troubleshooting (no pipes for grep, awk, etc.; no loop constructs; no file I/O), incredibly irritating on VSX, there's all kinds of missing functionality like the ability to set DHCP options. And it's more than a little ridiculous that Check Point's own article on using DHCP options (sk92473) acknowledges that clish will muck up this config so you need to set the immutable flag to prevent it from undoing your work.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events