This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dirk_Casomo
Contributor
‎2018-03-23 03:51 PM

I have a DHCP Server MS and I have created VLANs do i need to create policies for each VLAN so that DHCP will work on each VLAN?

my DHCP server is in 192.168.8.0 network, i also configure my switch for IP HELPER, my question is what policies i need to create in the firewall for the DHCP service applicable to all VLANs i have

7 Replies
KernelGordon
Employee Alumnus
Employee Alumnus
‎2018-03-23 04:33 PM

Since the GW is not the DHCP server you will need to configure DHCP Relay. Information on that can be found in sk104114. Please read all sections.

I noticed that you have an IP Address configured on both the physical interface eth1 and on the VLANs eth1.10 and eth1.20. According to sk88700 "it is mandatory to remove an IP address from a physical interface before creating any VLAN interfaces on that physical interface."

0 Kudos
Dirk_Casomo
Contributor
‎2018-03-23 04:38 PM
In response to KernelGordon

thank you, say no more IP, what are those policies to be created?

0 Kudos
PhoneBoy
Admin
Admin
‎2018-03-23 10:35 PM
In response to Dirk_Casomo

The policies are described in the SK that Kyle linked to.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2018-03-24 06:15 AM

Hi Dirk,

As you are using IP-Helper on the SWITCH and not on the gateway, all you need to take care of in the rulebase is DHCP-Relay from switch to the DHCP server. This traffic will be sent by the switch on it's management interface to the DHCP server, so that is where you will need to see for the need of any rules.

If this is not passing through the Firewall, when the switch and DHCP server are in the same network, there is no need for any rules.

The SK is referring to the Firewall being the DHCP Relay server.

Regards, Maarten.

Regards, Maarten
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2018-03-25 05:35 AM
In response to Maarten_Sjouw

Make sure to allow the DHCP relay trffic from switch to DHCP server but alos the return traffic needs to be allowed separately.

Regards, Maarten
0 Kudos
Daniel_Taney
Advisor
‎2018-05-31 09:33 AM
In response to Maarten_Sjouw

Not to hi-jack this thread, but I had some similar questions about DHCP IP-Helper, but as it pertained to VSX. Some of these steps outline procedures in the WebUI. Does anyone know how this is configured in CLISH VSX?

R80 CCSA / CCSE
Maarten_Sjouw
Champion
Champion
‎2018-05-31 01:43 PM
In response to Daniel_Taney

for ip/helper or dhcp relay, first make sure to work on the correct VS and then use the following commands±

set bootp interface eth2 on
set bootp interface eth2 relay-to <IP-DHCP-server> on
set bootp interface eth2 primary <Gateway-IP-eth2> wait-time default on
set bootp interface eth2 maxhopcount default

When you have more than 1 DHCP server just add another line with relay-to and the second IP

Regards, Maarten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events