I have 3 rules for DHCP relay. FW still blocks some packets now and then
but both the DHCP clients and server seem to be satisfied. At least
there have been no problems with obtaining or expiring leases in the
production environment for over a year with this setup.
If you have DHCP server running on the gateway, simply specifying the
gateway in lieu of DHCP_servers should do the work.
(Any) -> (broadcast4x255) @ (dhcp) = accept
(DHCP_servers) -> (whole_network, FW_group) @ (echo-request, dhcp) =
accept
(whole_network) -> (DHCP_servers @ dhcp) = accept
*DHCP_servers is a group consisting of host objects which list DHCP
servers (there are multiple servers for HA)
*whole_network is a network object depicting my LAN
*FW_group is a group of host objects listing all real and virtual
addresses of fw interfaces (there are multiple addresses per interface
for HA)
*broadcast4x255 is a HOST OBJECT with address 255.255.255.255
-tarmo-
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
