- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Has anyone ever followed the SK for changing the legacy DHCP Relay services, (sk104114)?
I'm curious, if the new services need to be in a new rule not including the old bootp/bootps?
I guess I was under the impression the Kernel change would force the firewall to use the new services, ignoring the old ones.
Since R77.20 it is recommended that the new DHCP services be used. New services config is found in sk104114 - Configuration of IPv4 BOOTP/DHCP Relay using new services, legacy in sk98839 - Configuration of IPv4 BOOTP/DHCP Relay using legacy services, so it is easy to compare the two solutions. Additionally, sk41515: How to configure BootP/DHCP Relay on Security Gateway running IPSO / Gaia OS includes Allowing DHCP Relay traffic to cross a VPN tunnel.
What about the SMS kernel change, how should that influence DHCO relaying?
What is the main purpose to have those "new" DHCP Relay Services ? Just to have 2 services (request, reply) instead of 4 ?
Yes, to have a number of services replaced by only two.
I've been changing everything over to the new services following an upgrade of several CMAs to R80.10. I like the new way. Makes for a very tidy policy:
so I guess it isn't possible to have the new services along side the old services as you transition?
Yes, you could have both old services and new services in the same policy, and even the same rule. But I don't see the need to do so.
I just tried it, it still wants to use the old bootp and bootps in the rule even though I change the kernel parameters to fw ctl set int fwx_dhcp_relay_nat 0
I do not think that this is an supported solution. sk104114 explicitly states:
In the security policy, new DHCP services and legacy DHCP services are mutually exclusive - only one type can be used.
By the way, exactly this is checked if you are going to migrate from R77.30 to R80.x. This situation with "legacy" vs "new" DHCP services is marked as WARNING, which doesnt stop you from creating export. There is just remark that starting from R80.x, the new services were added and should be used instead of Legacy services.
I was able to export from R77.30 and successfully import into R80.10, but I understood I couldn't go any further until I changed this on all the gateways.
meaning I couldn't manage the firewalls within R80.10 with the legacy DHCP services.
Is this not the case?
So I guess my big question is this, Can R80.10 still manage firewalls that have the Legacy DHCP services?
Is it required to change this on all our gateways and rules before I start managing our R77.30 firewalls with R80.10?
I don't see why not, especially since the SK that talks about it refers to R80.20: Configuration of IPv4 BOOTP/DHCP Relay using legacy services
That said, the recommendation is to use the newer services.
Has anyone upgraded from R77.30 to R80.20 with legacy DHCP services left in the policies? Any issues? I too was preparing to switch over to the new services before the upgrade, but I am hoping to avoid this (for now).
Thanks,
Dave
i upgraded from 77.30 to R80.10 without issues with legacy DHCP Relay in place... so no problem
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
26 | |
16 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 | |
2 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY