https://live.paloaltonetworks.com/t5/general-topics/dhcp-relay-issue/m-p/449528#M100947 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/156321">@stef</a>,</P> <P>The traffic on the firewall will simply look like the client is communicating directly to the DHCP host that you have setup as the relay target, so make sure that you are actually allowing the traffic properly in your rulebase. Use the 'test security-policy-match' command to verify that you actually have the security rulebase entry built out properly.</P> Thu, 25 Nov 2021 23:44:29 GMT BPry 2021-11-25T23:44:29Z https://live.paloaltonetworks.com/t5/general-topics/dhcp-relay-issue/m-p/449394#M100928 <P>Hello all,</P><P>&nbsp;</P><P>I have an issue with the DHCP.&nbsp;</P><P>I have DHCP relay configured on the device (PA820), remote windows server, connectivity and &nbsp;policy permitting DHCP traffic.</P><P>The problem is that the traffic is sill dropped by the FW, classified as not applicable.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2021-11-25 at 11.56.38.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37798iE90E1E7BBAA23729/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Screenshot 2021-11-25 at 11.56.38.png" alt="Screenshot 2021-11-25 at 11.56.38.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2021-11-25 at 11.58.01.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37799i58B95E9C40E41939/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Screenshot 2021-11-25 at 11.58.01.png" alt="Screenshot 2021-11-25 at 11.58.01.png" /></span></P><P>&nbsp;</P><P>&nbsp;Can someone advice &nbsp;? Thank you in advance!</P> Thu, 25 Nov 2021 10:16:42 GMT https://live.paloaltonetworks.com/t5/general-topics/dhcp-relay-issue/m-p/449394#M100928 stef 2021-11-25T10:16:42Z https://live.paloaltonetworks.com/t5/general-topics/dhcp-relay-issue/m-p/449504#M100940 <P>Keep in mind that DHCP is a conversation that happens before there is an IP address assigned, so the concept of a session might be different. I have not tested this on Palo myself. Maybe add both zones on the source and dest. My experience was Cisco ISR ACL and that was quite interesting.</P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFXCA0" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFXCA0</A></P> Thu, 25 Nov 2021 22:33:59 GMT https://live.paloaltonetworks.com/t5/general-topics/dhcp-relay-issue/m-p/449504#M100940 johnwalshaw 2021-11-25T22:33:59Z https://live.paloaltonetworks.com/t5/general-topics/dhcp-relay-issue/m-p/449528#M100947 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/156321">@stef</a>,</P> <P>The traffic on the firewall will simply look like the client is communicating directly to the DHCP host that you have setup as the relay target, so make sure that you are actually allowing the traffic properly in your rulebase. Use the 'test security-policy-match' command to verify that you actually have the security rulebase entry built out properly.</P> Thu, 25 Nov 2021 23:44:29 GMT https://live.paloaltonetworks.com/t5/general-topics/dhcp-relay-issue/m-p/449528#M100947 BPry 2021-11-25T23:44:29Z