This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
a week ago
Jump to solution

Office mode DHCP method failure

Hey guys,

Just wondering if there might be something simple missing for office mode failing with dhcp server method ip allocation. We even replicated this in the lab (on R82 mind you), though customer is on R81.20 jumbo 92. 

We followed below steps, but no luck.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-...

When we try in the lab, it simply says "Connection failed. you cannot receive office mode IP address at this time, try to connect again"

There is an sk on support site about this exact error, but all it says its fixed in certain versions, which customer is on anyway.

Any clue what might be the fix? I even verified the connection in the lab back and forth from dhcp server, tried different VIP, no joy.

Tx as always! I attached some screenshots for this as well.

Andy

Preview file
126 KB
Preview file
43 KB
Preview file
27 KB
Preview file
29 KB
0 Kudos
37 Replies
the_rock
Legend
Legend
12 hours ago
In response to Duane_Toler
Jump to solution

All I keep sesing is whats attached, with few different MAC addresses, but though all are allowed, same issue.

Andy

Preview file
99 KB
0 Kudos
Duane_Toler
Advisor
11 hours ago
In response to the_rock
Jump to solution

Ah.  Looks like there's a filter list of MAC addresses.  Or the filter is enabled but no entries are in the list.

https://www.dtonias.com/configure-dhcp-server-2016-filters/

 

Check this and you may need to disable the filter if it's enabled. 

the_rock
Legend
Legend
11 hours ago
In response to Duane_Toler
Jump to solution

Just working on some Fortinet SASE stuff now, will check in a bit.

Tx brother 🙂

Andy

0 Kudos
the_rock
Legend
Legend
10 hours ago
In response to Duane_Toler
Jump to solution

Looks like they are all allowed.

Andy

Preview file
137 KB
0 Kudos
Duane_Toler
Advisor
10 hours ago
In response to the_rock
Jump to solution

Do you have anything in the Policies folder under the scope?  Apparently more detailed filters can be configured in there.  I wonder if the server is seeing the virtual MAC address of the gateway and using that for the MAC filter address.

0 Kudos
the_rock
Legend
Legend
10 hours ago
In response to Duane_Toler
Jump to solution

I checked that last week, appears to be related only to Windows class.

0 Kudos
Duane_Toler
Advisor
9 hours ago
In response to the_rock
Jump to solution

Try adding the MAC address  50-01-00-01-00-00 to your Allow filter.  That's the MAC your earlier capture screen shot showed as coming from the firewall for the unicast DHCP relay.  I see you had 50-01-00-02-00-00, however.  And nothing in the Deny filter, I presume?  I'm just about out of ideas, tho. 🙂

If this doesn't work, can you delete everything in the Allow and Deny filters and let it ride?  Or do you require filter entries?

 

0 Kudos
the_rock
Legend
Legend
9 hours ago
In response to Duane_Toler
Jump to solution

Yep, just tried, no luck...o well, its long weekend here, so let me clear my head till Tuesday, maybe something else comes to mind! Thanks so much again for all your help.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    CheckMates Events