Hi,

You didn't mention anything about drops or accepts in the logs of the
firewall, so I'll try and guess your problem here.

ASF is not a platform that I know, by the way...

I'm guessing you see accepts in the logs of your firewall.
bootpc and bootps are the basic services for DHCP.

bootpc is UDP/68, which is used by the server on replies to the client.
bootps is UDP/67, which is used by the client when he broadcasts a request.
(Not sure, but it can be the other way around.)
Anyway, you need these two at least.

Another thing, and this has got nothing to do with CP:
Your gateway must have a bootp_relay agent or must support this; if not,
you will not be able to relay the requests from one interface to
another.
In other words, with a bootp_relay agent you will route any DHCP requests
to a server inside your firewall.

The best way is to set up a gateway first without thinking about
firewalling, and put bootp_relay to work... then you think about the
firewall.

This is just a guess, anyway. If you already have bootp_relay and
tested it before and it worked, then I'm sorry for the inconvenience.

Hope I could be of some help anyway,

CS

>-----Original Message-----
>From: Mailing list for discussion of Firewall-1
>[mailto:[EMAIL PROTECTED] On Behalf
>Of Imran Obaidullah M
>Sent: Wednesday, 06 August, 2003 14:51
>To: [EMAIL PROTECTED]
>Subject: [FW-1] DHCP issue with checkpoint
>
>
>Dear friends,
>During my lab setup I am having a problem which I am unable to
>troubleshoot.
>I have a DHCP client on Router (Cisco product) and DHCP server (Cisco
>Product). I am keeping the DHCP client outside the firewall while the
>DHCP server is inside the firewall. The rule base is any any any
>allports allow. I have created an all ports group which contains all
>the services. DHCP server client uses the following ports:
>Time of day, bootp, tftp.
>I have seen and confirmed twice that the above ports are included in the
>service group. I am still not able to establish the communication between
>DHCP client and the DHCP server across the firewall. I can confirm that when
>modem comes online right now modems are stuck in the initd mode.
>Please let me know if you have any solution.
>I am using ASF 5105 2.2.1.0a FP3.
>Note I am configuring DHCP server address in the IP helper.
>
>Regards
>vj
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
>


Trusted Systems - http://www.trusted.pt
Praça de Alvalade, n.º 6 - 6.º piso
1700-036 Lisboa, PORTUGAL
Tel: +351 217994200
Fax: +351 217994242

--

Privileged or confidential information may be contained in this
message. If you are not the addressee indicated in this message, you
may not copy or deliver this message to anyone. In such case, you
should destroy this message and kindly notify the sender by reply
email.
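
The port roles and the relay step discussed in the reply above, as an added example that is not part of the original messages: it labels a captured BOOTP/DHCP datagram by destination port and `giaddr`, so you can tell whether what reaches the firewall is a client broadcast or a request a relay agent has already forwarded. The function names, MAC, xid and IP addresses are constructed for illustration.

```python
import socket
import struct

BOOTPS, BOOTPC = 67, 68  # UDP ports: server/relay side and client side
# Fixed 236-byte BOOTP header (RFC 951); DHCP options would follow it.
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
OP, HOPS, GIADDR = 0, 3, 10  # indexes into the unpacked header

def build_request(mac: bytes, xid: int) -> bytes:
    """Constructed client BOOTREQUEST: op=1, hops=0, broadcast flag, giaddr 0.0.0.0."""
    z = bytes(4)
    return HDR.pack(1, 1, 6, 0, xid, 0, 0x8000, z, z, z, z, mac, b"", b"")

def relay(pkt: bytes, rx_iface_ip: str) -> bytes:
    """Relay-agent step (RFC 1542): stamp giaddr if unset and increment hops."""
    f = list(HDR.unpack(pkt[:HDR.size]))
    if f[OP] != 1:
        raise ValueError("only BOOTREQUEST is relayed toward the server")
    if f[GIADDR] == bytes(4):
        f[GIADDR] = socket.inet_aton(rx_iface_ip)
    f[HOPS] += 1
    return HDR.pack(*f) + pkt[HDR.size:]

def classify(dst_ip: str, dst_port: int, pkt: bytes):
    """Label one captured datagram; returns (kind, giaddr)."""
    f = HDR.unpack(pkt[:HDR.size])
    giaddr = socket.inet_ntoa(f[GIADDR])
    if f[OP] == 1 and dst_port == BOOTPS:
        if dst_ip == "255.255.255.255":
            kind = "client-broadcast"   # never routed; a relay must pick it up
        elif giaddr != "0.0.0.0":
            kind = "relayed-request"    # unicast relay -> server, must pass the firewall
        else:
            kind = "direct-unicast"     # e.g. a renewal sent straight to the server
    elif f[OP] == 2 and dst_port == BOOTPS:
        kind = "reply-to-relay"         # server answers giaddr on UDP/67 (RFC 2131)
    elif f[OP] == 2 and dst_port == BOOTPC:
        kind = "reply-to-client"        # relay or server delivers to the client on UDP/68
    else:
        kind = "not-dhcp-shaped"
    return kind, giaddr

if __name__ == "__main__":
    req = build_request(bytes.fromhex("02005e000001"), 0x1234ABCD)  # constructed MAC/xid
    print(classify("255.255.255.255", BOOTPS, req))
    fwd = relay(req, "192.0.2.1")  # 192.0.2.1: assumed relay interface facing the client
    print(classify("198.51.100.10", BOOTPS, fwd))  # 198.51.100.10: assumed DHCP server
```

If a capture on the outside interface of the firewall shows only `client-broadcast` packets, the relay is not forwarding yet and no rule change will help; once `relayed-request` packets appear, the rule base has to pass UDP/67 in both directions between the `giaddr` address and the server.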
