Strange Firewall logic for DHCP discover packets

Question asked by Serhii Yaholnytskyi on Oct 26, 2018
Latest reply on Oct 27, 2018 by Aleksei Shelepov

Using an R77.30 firewall, we were trying to allow DHCP discover packets to our gateway, which had been configured as a DHCP server. We found that DHCP discover packets were being dropped on our firewall. These packets had source IP 0.0.0.0 and destination 255.255.255.255. So we made a permissive rule with the respective source and destination and service bootp. The firewall still drops the packets. TAC recommended that we change the source to any; we did, and the firewall accepted those packets. As the next step, I created an IP address range object with first IP 0.0.0.1 and last IP 255.255.255.255, added it to the source instead of any, and negated the source cell. As a result, the firewall accepts our DHCP discover packets. When I change the first IP in the range to 0.0.0.0, the firewall drops the DHCP discover packets. Can somebody explain why we cannot use host 0.0.0.0 as the source to accept this traffic, but when we exclude every IP address except 0.0.0.0 from the source, it works properly?
