Hi,
Rule 0 in this case means the Spoof Tracking action for your FW object (FW object
-> Interfaces -> Security).
As you can see from the entry in your log file, this box (sometimes it shows an IP
like 0.0.0.0) sent a request to everybody (subnet mask 255.255.255.255),
asking "Who can give me an IP?"
And of course the FW gets this packet as well, and because it comes from the internal
(I hope) interface on your FW, the anti-spoofing policy just drops this packet.
It doesn't mean that your client can't get a DHCP IP from your internal DHCP
server; the FW just drops this packet, but your DHCP server should accept it and
give an IP to this poor box.
Alex Kvasnytskyy
LAN Admin
Digital Security Controls

-----Original Message-----
From: Brooks Carlson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 10:56
To: 'Firewalls (E-mail)'
Subject: DHCP problem with Checkpoint Firewall-1


I apologize if this has been asked before, I searched the archives for the
last few months and found nothing.  I also searched www.google.com and found
some articles, but none that answered my particular question.

We are running Checkpoint Firewall-1 4.1 SP2 on an NT 4.0 SP6a machine with
all extra services disabled.  There is an internal network (10.0.0.0/8) with
an internal DNS server.  Recently, I took over the firewall and hardened the
outgoing packets (before everything was allowed).  I restricted outgoing to
HTTP, HTTPS, FTP, and SMTP/POP3 for the email server.  I allowed UDP DNS and
TCP DNS to DNS servers.

Now, the firewall is blocking DHCP attempts.  I see in the log:

Alert  Drop  (no source)  255.255.255.255 udp rule0 sourceport68

I created a rule that says:

Any  DHCPServer   bootp (67/68)  accept  log long

But it still rejects.  The curious thing is that Rule 0 is rejecting.  I
went through and eliminated extra services as listed at Phoneboy (How Can I
Disable Everything in the Rule Base).  Is something that I unchecked in the
rules now blocking this traffic?

Is this securely possible with Checkpoint-1?  We are not using SecuRemote.


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
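
Added example, not part of either message and not Check Point's own code: a simplified Python model of the evaluation order the reply describes, where the interface anti-spoofing check is logged as rule 0 and runs before the rule base, so the bootp accept rule is never consulted for a broadcast sourced from 0.0.0.0. The DHCP server address, the rule numbering after rule 0 and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Assumptions for illustration: the internal network is the one named in the
# question; the DHCP server address below is hypothetical.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
DHCP_SERVER = ipaddress.ip_address("10.0.0.5")


def anti_spoofing_ok(src, valid_net):
    """Interface check: the source must lie in the interface's valid network."""
    return ipaddress.ip_address(src) in valid_net


def match_rule_base(dst, dport):
    """Simplified rule base: rule 1 mirrors 'Any DHCPServer bootp accept',
    rule 2 is an assumed cleanup rule that drops everything else."""
    if ipaddress.ip_address(dst) == DHCP_SERVER and dport in (67, 68):
        return 1, "accept"
    return 2, "drop"


def evaluate(src, dst, dport):
    """Return (rule_number, action). Rule 0 is decided before any rule matches."""
    if not anti_spoofing_ok(src, INTERNAL_NET):
        return 0, "drop"
    return match_rule_base(dst, dport)


# Constructed sample packets: (source, destination, destination port)
PACKETS = {
    # Client without an address yet: source 0.0.0.0, limited broadcast
    "dhcp_discover_broadcast": ("0.0.0.0", "255.255.255.255", 67),
    # Client that already holds a lease, unicast to the server
    "dhcp_renew_unicast": ("10.1.2.3", "10.0.0.5", 67),
    # Unrelated internal traffic to the same host
    "telnet_to_server": ("10.1.2.3", "10.0.0.5", 23),
}


def run():
    """Evaluate every sample packet and return the verdicts by name."""
    return {name: evaluate(*pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for name, (rule, action) in run().items():
        print(f"{name:26} rule {rule}  {action}")
```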