SonicWALL and internal DHCP

[Silmeron]

I have a SonicWALL Pro 230 protecting my company's LAN and we have some devices that use DHCP to get themselves IP addresses.

The device broadcasts on boot up from 0.0.0.0 and the SonicWALL logs this as a threat and eats the packets, thus stopping the device from getting an IP address. I've tried creating a rule that allows ports 67-68 UDP to travel freely inside my LAN, but that doesn't stop the SonicWALL.

Any idea how to turn that off?

Thanks!
~S~

 

[ChicagoJim]

I'm assuming your DHCP clients are on a different subnet than the DHCP server, or you wouldn't have this problem.

That being the case, simple firewall rules will not work because they examine packets at layer 3 (the network layer) and above. DHCP requires knowledge of the clients MAC address, which is layer 2 (data link layer) information. To solve this problem, firewall products tack on support specifically for DHCP relay. (I.E. Cisco's "ip helper" command.)

I see from SonicWall’s website that the 230 supports DHCP Relay through VPN tunnels. But, I don’t have access to one to see if it will relay DHCP requests/responses from subnet to subnet.

Even if your 230 doesn't provide support for DHCP Relay from subnet to subnet, it CAN be set up to act as the DCHP server for the subnet you’re having issues with. Although, doing so may cause DNS resolution issues if your DHCP server is configured to update name server entries.

 

[Silmeron]

Thanks for the reply, Chicago. It turns out that my switches all had Spanning Tree turned on, and this was causing just enough delay to stop the device from it's DHCP broadcast from being heard by my DHCP Windows servers. I had misdiagnosed the DHCP message on the firewall.

Thanks again!
~S~

 

[ChicagoJim]

Good to know. Thanks for the follow-up