Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Prabulingam_N1
Advisor

Unnecessary Bootp Logs being created from checkpoint firewall. Need to stop

Dear All,

 

We are getting logs of "bootp traffic dropped to 255.255.255.255 on port 67" from multiple checkpoint clusters.
We are not using any DHCP or DHCP relay services in our environment.
Also, we followed the sk104114 to identify if bootp services are running on any interfaces. But no interface was running bootp services in any of our clusters.

May kindly let us know why this log is coming.

Various snapshots are attached.

Also,

Checkpoint Mgmt Server: GAIA: R80.40
Checkpoint Gateways: GAIA R80.10 (Load Sharing Unicast)

May kindly let us know why this log is coming. Also, how to stop these logs from getting generated.

 

Regards,

Vinodhini R

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

Most likely, something on the same LAN as the firewall is generating DHCP requests.
Use tcpdump -eni to verify the MAC address of the device generating the request.
It's most likely NOT the gateway that's doing it since that requires enabling a DHCP client on a given interface.

You can also simply create a rule to drop and not log this traffic, which is what I do in my home lab.

0 Kudos
_Val_
Admin
Admin

The logs are not caused by the clusters themselves. At least one machine in your network is sending DHCP requests, look for it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events