Hi,
I'm having some issues with an SSG5 security device. I have a need to enable external DHCP (public IP from ISP) on a set-top box in the internal network (the ISP recognizes the STB based on MAC address to enable certain features).
So far I have split the STB from the rest of the network using VLANs. The issue is getting the DHCP working on the SSG5.
Current setup (public IPs are fake for security reasons):
Eth0/0 - Internet connection via modem - 76.25.4.81/18 - Untrust zone
Bgroup0 - Local network - 192.168.2.254/24 - Trust zone
Bgroup0.1 - Vlan tag 10 - 0.0.0.0/0 - Untrust zone
I added a policy to allow ping and DHCP relay services within the Untrust zone.
I figured this would allow the clients on VLAN 10 to get an IP through eth0/0.
Unfortunately, this seems to be a no-go; clients in the VLAN resort to the 169.254.x.x range.
Next thing I tried was enabling DHCP relay on the VLAN using the DHCP server reported by eth0/0.
This requires setting an IP range on the subif, and I'm not sure which range the ISP is using.
So far this hasn't given any usable results; same 169.254.x.x range.
If all else fails I could sacrifice an Ethernet port on the SSG5 and connect it to the VLAN directly, then place it in a bgroup with eth0/0 to get switch functionality. Though it seems as if there should be a better solution to this...
Thanks for any input on this!
mvds