Wednesday, October 23, 2019

DHCP Relay works, but also getting denied at gateway?

Hey everyone, something weird is happening and I'd like to figure out why.

I have a Watchguard M300 firewall doing routing for internal traffic across VLANs. I have DHCP relay set up and working, but in the traffic monitor I'm seeing DHCP replies getting denied at the Watchguard's gateway IP on the client VLAN. Here are some specifics:

VLAN 10 — Servers — 10.0.10.0/24 (DHCP lives here) — Gateway IP 10.0.10.1

VLAN 20 — Ethernet Clients — 10.0.20.0/24 (laptop lives here) — Gateway IP 10.0.20.1

Now my laptop requests an IP, the Watchguard helpfully forwards the request, and the laptop gets the DHCP response. However, when this happens I also see a deny in the traffic logs from the DHCP server to the client gateway 10.0.20.1 on udp/67.

Why is anything being sent there, and why does it still work? Is it something I'm missing/doing wrong in my DHCP config? I have firewall policies configured to allow DHCP from the client VLAN to the DHCP server and vice versa.

Any suggestions are appreciated. I guess it's not urgent if it is working, but, you know, the only thing scarier than things not working when they should is things working when they seemingly shouldn't.
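Added example, not from the original post: a small Python model of the relayed DHCP exchange described above, following the RFC 2131 relay-agent rules (the relay stamps giaddr with its ingress interface IP, and the server sends its reply to giaddr on port 67 rather than to the client). The gateway IPs are the ones in the post; the DHCP server address 10.0.10.5, the client MAC and the offered lease are constructed values.

```python
from dataclasses import dataclass, replace

SERVER_PORT, CLIENT_PORT = 67, 68
DHCP_SERVER = "10.0.10.5"      # constructed: DHCP server on VLAN 10
RELAY_IF_VLAN20 = "10.0.20.1"  # gateway IP of the client VLAN (from the post)

@dataclass
class Dhcp:
    op: str          # "DISCOVER" or "OFFER"
    chaddr: str      # client hardware (MAC) address
    giaddr: str      # relay agent IP; 0.0.0.0 when the packet was not relayed
    yiaddr: str = "0.0.0.0"  # address offered to the client

@dataclass
class Packet:
    vlan: int
    src: str
    sport: int
    dst: str
    dport: int
    payload: Dhcp

def relay_to_server(pkt: Packet) -> Packet:
    """Relay agent: set giaddr to the ingress interface IP, unicast to the server on VLAN 10."""
    msg = replace(pkt.payload, giaddr=RELAY_IF_VLAN20)
    return Packet(10, RELAY_IF_VLAN20, SERVER_PORT, DHCP_SERVER, SERVER_PORT, msg)

def server_reply(pkt: Packet, lease: str) -> Packet:
    """Server: a relayed request (giaddr set) is answered to giaddr:67, not to the client."""
    msg = replace(pkt.payload, op="OFFER", yiaddr=lease)
    if msg.giaddr != "0.0.0.0":
        return Packet(10, DHCP_SERVER, SERVER_PORT, msg.giaddr, SERVER_PORT, msg)
    return Packet(10, DHCP_SERVER, SERVER_PORT, "255.255.255.255", CLIENT_PORT, msg)

def relay_to_client(pkt: Packet) -> Packet:
    """Relay agent: the reply arrives on its own IP at udp/67 and is re-broadcast on VLAN 20 to udp/68."""
    assert pkt.dst == RELAY_IF_VLAN20 and pkt.dport == SERVER_PORT
    return Packet(20, RELAY_IF_VLAN20, SERVER_PORT, "255.255.255.255", CLIENT_PORT, pkt.payload)

def trace(lease="10.0.20.50"):
    """Return the four legs of one DISCOVER/OFFER round trip through the relay."""
    discover = Packet(20, "0.0.0.0", CLIENT_PORT, "255.255.255.255", SERVER_PORT,
                      Dhcp("DISCOVER", "aa:bb:cc:dd:ee:ff", "0.0.0.0"))
    legs = [discover]
    legs.append(relay_to_server(legs[-1]))
    legs.append(server_reply(legs[-1], lease))
    legs.append(relay_to_client(legs[-1]))
    return legs
```

The third leg is the one that shows up in the traffic monitor: a packet from the DHCP server to 10.0.20.1 on udp/67, which is the firewall's own interface address rather than the client.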


