My DHCP server is in the 192.168.8.0 network, and I also configured my switch for IP HELPER. My question is: what policies do I need to create in the firewall for the DHCP service, applicable to all the VLANs I have?
Since the GW is not the DHCP server you will need to configure DHCP Relay. Information on that can be found in sk104114. Please read all sections.
I noticed that you have an IP Address configured on both the physical interface eth1 and on the VLANs eth1.10 and eth1.20. According to sk88700 "it is mandatory to remove an IP address from a physical interface before creating any VLAN interfaces on that physical interface."
Thank you, say no more IP, what are those policies to be created?
The policies are described in the SK that Kyle linked to.
As you are using IP-Helper on the SWITCH and not on the gateway, all you need to take care of in the rulebase is DHCP-Relay from switch to the DHCP server. This traffic will be sent by the switch on its management interface to the DHCP server, so that is where you will need to see for the need of any rules.
If this is not passing through the Firewall, when the switch and DHCP server are in the same network, there is no need for any rules.
The SK is referring to the Firewall being the DHCP Relay server.
Make sure to allow the DHCP relay traffic from switch to DHCP server, but also the return traffic needs to be allowed separately.
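To illustrate the two flows named in the reply above, here is an added example (not part of the original thread and not Check Point code) that reads the BOOTP header of captured UDP packets and reports which relayed flows cross the firewall. It assumes RFC 2131 behaviour (relayed requests and replies both use UDP port 67, and replies are addressed to `giaddr`); all addresses in the sample capture are constructed.

```python
import ipaddress
import struct

ZERO = ipaddress.IPv4Address("0.0.0.0")

def parse_bootp(payload):
    """Parse the fixed 236-byte BOOTP header (RFC 951 / RFC 2131)."""
    if len(payload) < 236:
        raise ValueError("truncated BOOTP header")
    op, _htype, _hlen, hops = struct.unpack("!BBBB", payload[:4])
    giaddr = ipaddress.IPv4Address(payload[24:28])  # relay agent address
    return {"op": op, "hops": hops, "giaddr": giaddr}

def needed_rule(src, sport, dst, dport, payload):
    """Map one captured UDP packet to the relayed flow it belongs to, or None."""
    if dport != 67:
        return None                   # relayed traffic always targets port 67
    h = parse_bootp(payload)
    if h["giaddr"] == ZERO:
        return None                   # unrelayed client broadcast, stays on its segment
    if h["op"] == 1:                  # BOOTREQUEST forwarded by the relay
        return ("relay-to-server", src, dst, str(h["giaddr"]))
    if h["op"] == 2:                  # BOOTREPLY sent back towards giaddr
        return ("server-to-relay", src, dst, str(h["giaddr"]))
    return None

def build(op, giaddr, hops=1):
    """Constructed sample: a minimal BOOTP header with the given fields."""
    head = struct.pack("!BBBBIHH", op, 1, 6, hops, 0x1234, 0, 0)
    addrs = bytes(12) + ipaddress.IPv4Address(giaddr).packed
    return head + addrs + bytes(16 + 64 + 128)  # chaddr, sname, file

# Constructed capture (src, sport, dst, dport, payload); addresses are illustrative.
CAPTURE = [
    ("192.168.10.1", 67, "192.168.8.10", 67, build(1, "192.168.10.1")),
    ("192.168.8.10", 67, "192.168.10.1", 67, build(2, "192.168.10.1")),
    ("0.0.0.0", 68, "255.255.255.255", 67, build(1, "0.0.0.0", hops=0)),
]

def rules_for(capture):
    """Distinct relayed flows seen in the capture, one entry per direction."""
    return sorted({r for p in capture if (r := needed_rule(*p))})

if __name__ == "__main__":
    for rule in rules_for(CAPTURE):
        print(rule)
```

The last field of each result is `giaddr`; if it differs from the source address the relay actually sends from, the return rule has to cover the `giaddr` address as well.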
Not to hijack this thread, but I had some similar questions about DHCP IP-Helper, but as it pertained to VSX. Some of these steps outline procedures in the WebUI. Does anyone know how this is configured in CLISH VSX?
For ip/helper or dhcp relay, first make sure to work on the correct VS and then use the following commands:
set bootp interface eth2 on
set bootp interface eth2 relay-to <IP-DHCP-server> on
set bootp interface eth2 primary <Gateway-IP-eth2> wait-time default on
set bootp interface eth2 maxhopcount default
When you have more than 1 DHCP server just add another line with relay-to and the second IP