VSX Gateway is using internal IP in DHCP relay con...

Franktum · ‎2024-02-14

Hi all:

Yesterday we upgraded a VSX Gateway from R80.40 to R81.10 Take 130. Today most of the users cannot get IP from DHCP. The gateway has configured DHCP relay on the interface, the config is still ok, survived to the upgrade, but in most of the DHCP requests, it's sending the unicast packets to DHCP servers with internal IP address, instead of the IP of Gateway Address.

We checked the value of the variable fw ctl get int fwx_dhcp_relay_nat, it's 0.

We are checking this article, https://support.checkpoint.com/results/sk/sk97642, but no luck so far.

Any ideas?

Thank you

Alex- · ‎2024-02-14

By internal address, I suppose you mean the internal VSX communication network.

I had this occurence with R81+ gateways and ended up crating manual NAT entries for the relevant interfaces IP to use the VS IP for DHCP services.

emmap · ‎2024-02-14

Is there a 'no-nat' rule that might be accidently causing this?

Franktum · ‎2024-02-14

Hi,

The root of the issue was a custom configuration in table.def management file:

no_hide_services_ports = { <4500,17>, <500, 17>, <259, 17>, <1701, 17>, <5500, 17>, <67, 17>, <68, 17>};

no_fold_services_ports = { <4500,17>, <500, 17>, <259, 17>, <1701, 17> , <67, 17>, <68, 17> };

It was working for years with previous versions but with R81.10 it didn't. Once we deleted the bootp ports from the file the problem was fixed.

Regards

Are you a member of CheckMates?

VSX Gateway is using internal IP in DHCP relay connections