10-14-2010 06:47 PM
I'm in the process of setting up a new SSG20 for our network, and have spent quite a few hours trying to figure out why the DHCP-relay failed for the DMZ zone, but worked for a Guest zone that was also set up on the firewall. After much poring over debug logs and trawling through the forums, it appears that DHCP-relay does not work from the standard DMZ setup.
I've already demonstrated that setting up an alternative DMZ zone works fine for DHCP-relay, but that made me wonder whether there was a valid reason for the restriction on the "out-of-the-box" DMZ.
Is there some obscure reason why DHCP-relay doesn't work in this situation? Is there any philosophical reason for not creating a custom DMZ that would allow DHCP-relay to work?
Many thanks,
Innes (NZ)
10-15-2010 06:38 AM
There is an option within the zone which allows or disallows DHCP relay. I would assume you checked that, right? I do not have any particular opinion as to why DHCP relay would be worse than any other allowed service from the DMZ to the LAN, but as it is a service easily provided for in the firewall (or another DMZ host), I seldom find myself allowing it.
Ron
10-15-2010 06:42 AM
unset zone dmz no-dhcp-relay
Ron