DHCP options and PXE boot

L2 Linker

They are in different zones. I will make sure to follow your previous suggestion and enable logging; I'll post the result asap.

Regards,

Tony

L6 Presenter

First, make sure that you allow the appropriate applications between the client/server zones!

L2 Linker

Will do that. Thanks.

L2 Linker

Hi, I've now checked the following:

We have a zone where the TFTP/WDS server is located (Frontend) and a zone where the PXE clients are located (Client). We have a security rule that permits the TFTP application (service > application default) between these zones. Could it be I'm not allowing the correct services, even though TFTP is permitted?

Regards,
Tony

L6 Presenter

Could be. Just for a test, permit an any/any security policy limited to your client's source IP address. What can you see in the logs?

L2 Linker

Hi, as far as I can tell there is no traffic coming from the client source address to the TFTP/WDS server. However, when running a Wireshark capture I can see TFTP traffic towards the default gateway (10.18.0.1) and not the TFTP/WDS server (10.18.16.46). Here's a screenshot:

L6 Presenter

What is delivered by the Palo Alto DHCP server in the DHCPOFFER reply? Can you please capture the full DORA process?

L2 Linker

This is what I can see in the capture:

DHCP Discover:

Frame 44: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface 0
Ethernet II, Src: BizlinkK_48:6c:46 (9c:eb:e8:48:6c:46), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Bootstrap Protocol (Discover)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xfd683119
    Seconds elapsed: 28
        [Expert Info (Note/Protocol): Seconds elapsed appears to be encoded as little-endian]
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: BizlinkK_48:6c:46 (9c:eb:e8:48:6c:46)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Discover)
        Length: 1
        DHCP: Discover (1)
    Option: (61) Client identifier
        Length: 7
        Hardware type: Ethernet (0x01)
        Client MAC address: BizlinkK_48:6c:46 (9c:eb:e8:48:6c:46)
    Option: (12) Host Name
        Length: 14
        Host Name: AIM-5CG7083HWB
    Option: (60) Vendor class identifier
        Length: 8
        Vendor class identifier: MSFT 5.0
    Option: (55) Parameter Request List
        Length: 13
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (3) Router
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item: (15) Domain Name
        Parameter Request List Item: (31) Perform Router Discover
        Parameter Request List Item: (33) Static Route
        Parameter Request List Item: (43) Vendor-Specific Information
        Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
        Parameter Request List Item: (46) NetBIOS over TCP/IP Node Type
        Parameter Request List Item: (47) NetBIOS over TCP/IP Scope
        Parameter Request List Item: (121) Classless Static Route
        Parameter Request List Item: (249) Private/Classless Static Route (Microsoft)
        Parameter Request List Item: (252) Private/Proxy autodiscovery
    Option: (255) End
        Option End: 255
    Padding: 000000000000

------------------------

DHCP Offer:

Frame 28: 375 bytes on wire (3000 bits), 375 bytes captured (3000 bits) on interface 0
Ethernet II, Src: PaloAlto_00:01:16 (00:1b:17:00:01:16), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 10.18.0.1, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Bootstrap Protocol (Offer)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x2ea2c556
    Seconds elapsed: 10
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
        1... .... .... .... = Broadcast flag: Broadcast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0
    Your (client) IP address: 10.18.0.6
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: Dell_a2:c5:56 (84:2b:2b:a2:c5:56)
    Client hardware address padding: 00000000000000000000
    Server host name: vr-deploy.invmgt.wan
    Boot file name: boot\x86\wdsnbp.com
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Offer)
        Length: 1
        DHCP: Offer (2)
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (691200s) 8 days
    Option: (54) DHCP Server Identifier
        Length: 4
        DHCP Server Identifier: 10.18.0.1
    Option: (1) Subnet Mask
        Length: 4
        Subnet Mask: 255.255.252.0
    Option: (3) Router
        Length: 4
        Router: 10.18.0.1
    Option: (15) Domain Name
        Length: 10
        Domain Name: invmgt.wan
    Option: (6) Domain Name Server
        Length: 4
        Domain Name Server: 10.18.0.1
    Option: (46) NetBIOS over TCP/IP Node Type
        Length: 1
        NetBIOS over TCP/IP Node Type: P-node (2)
    Option: (66) TFTP Server Name
        Length: 20
        TFTP Server Name: vr-deploy.invmgt.wan
    Option: (67) Bootfile name
        Length: 19
        Bootfile name: boot\x86\wdsnbp.com
    Option: (255) End
        Option End: 255
    Padding: 00

-----------------------------

DHCP Request:

Frame 4: 590 bytes on wire (4720 bits), 590 bytes captured (4720 bits) on interface 0
Ethernet II, Src: Dell_a2:c5:56 (84:2b:2b:a2:c5:56), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Bootstrap Protocol (Request)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x2ea2c556
    Seconds elapsed: 10
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
        1... .... .... .... = Broadcast flag: Broadcast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: Dell_a2:c5:56 (84:2b:2b:a2:c5:56)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Request)
        Length: 1
        DHCP: Request (3)
    Option: (50) Requested IP Address
        Length: 4
        Requested IP Address: 10.18.0.6
    Option: (55) Parameter Request List
        Length: 36
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (2) Time Offset
        Parameter Request List Item: (3) Router
        Parameter Request List Item: (4) Time Server
        Parameter Request List Item: (5) Name Server
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item: (11) Resource Location Server
        Parameter Request List Item: (12) Host Name
        Parameter Request List Item: (13) Boot File Size
        Parameter Request List Item: (15) Domain Name
        Parameter Request List Item: (16) Swap Server
        Parameter Request List Item: (17) Root Path
        Parameter Request List Item: (18) Extensions Path
        Parameter Request List Item: (22) Maximum Datagram Reassembly Size
        Parameter Request List Item: (23) Default IP Time-to-Live
        Parameter Request List Item: (28) Broadcast Address
        Parameter Request List Item: (40) Network Information Service Domain
        Parameter Request List Item: (41) Network Information Service Servers
        Parameter Request List Item: (42) Network Time Protocol Servers
        Parameter Request List Item: (43) Vendor-Specific Information
        Parameter Request List Item: (50) Requested IP Address
        Parameter Request List Item: (51) IP Address Lease Time
        Parameter Request List Item: (54) DHCP Server Identifier
        Parameter Request List Item: (58) Renewal Time Value
        Parameter Request List Item: (59) Rebinding Time Value
        Parameter Request List Item: (60) Vendor class identifier
        Parameter Request List Item: (66) TFTP Server Name
        Parameter Request List Item: (67) Bootfile name
        Parameter Request List Item: (128) DOCSIS full security server IP [TODO]
        Parameter Request List Item: (129) PXE - undefined (vendor specific)
        Parameter Request List Item: (130) PXE - undefined (vendor specific)
        Parameter Request List Item: (131) PXE - undefined (vendor specific)
        Parameter Request List Item: (132) PXE - undefined (vendor specific)
        Parameter Request List Item: (133) PXE - undefined (vendor specific)
        Parameter Request List Item: (134) PXE - undefined (vendor specific)
        Parameter Request List Item: (135) PXE - undefined (vendor specific)
    Option: (57) Maximum DHCP Message Size
        Length: 2
        Maximum DHCP Message Size: 1260
    Option: (54) DHCP Server Identifier
        Length: 4
        DHCP Server Identifier: 10.18.0.1
    Option: (97) UUID/GUID-based Client Identifier
        Length: 17
        Client Identifier (UUID): 4c4c4544-004b-5310-8050-b5c04f32354a
    Option: (93) Client System Architecture
        Length: 2
        Client System Architecture: IA x86 PC (0)
    Option: (94) Client Network Device Interface
        Length: 3
        Major Version: 2
        Minor Version: 1
    Option: (60) Vendor class identifier
        Length: 32
        Vendor class identifier: PXEClient:Arch:00000:UNDI:002001
    Option: (255) End
        Option End: 255
    Padding: 000000000000000000000000000000000000000000000000...


--------------------------

DHCP ACK:

Frame 52: 372 bytes on wire (2976 bits), 372 bytes captured (2976 bits) on interface 0
Ethernet II, Src: PaloAlto_00:01:16 (00:1b:17:00:01:16), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 10.18.0.1, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Bootstrap Protocol (ACK)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x2ea2c556
    Seconds elapsed: 10
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
        1... .... .... .... = Broadcast flag: Broadcast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0
    Your (client) IP address: 10.18.0.6
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: Dell_a2:c5:56 (84:2b:2b:a2:c5:56)
    Client hardware address padding: 00000000000000000000
    Server host name: vr-deploy.invmgt.wan
    Boot file name: boot\x86\wdsnbp.com
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (ACK)
        Length: 1
        DHCP: ACK (5)
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (691200s) 8 days
    Option: (54) DHCP Server Identifier
        Length: 4
        DHCP Server Identifier: 10.18.0.1
    Option: (1) Subnet Mask
        Length: 4
        Subnet Mask: 255.255.252.0
    Option: (3) Router
        Length: 4
        Router: 10.18.0.1
    Option: (15) Domain Name
        Length: 10
        Domain Name: invmgt.wan
    Option: (6) Domain Name Server
        Length: 4
        Domain Name Server: 10.18.0.1
    Option: (66) TFTP Server Name
        Length: 20
        TFTP Server Name: vr-deploy.invmgt.wan
    Option: (67) Bootfile name
        Length: 19
        Bootfile name: boot\x86\wdsnbp.com
    Option: (255) End
        Option End: 255
    Padding: 00

--------------

 

Regards,

Tony
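The Offer and ACK above carry option 66 as a hostname, option 67 as the boot file, option 54 (server identifier) as 10.18.0.1, and a zero "Next server IP address" (siaddr). The following added example (not from this thread or from any vendor) decodes a DHCP reply and reports where a PXE ROM will send its TFTP read request, under the stated assumption that the ROM does not perform DNS lookups and falls back from siaddr to an IP-literal option 66 to the DHCP server identifier. The packet bytes are constructed to mirror the Offer shown, not taken from the capture.

```python
"""Decode a DHCP reply and report the TFTP target a PXE ROM will actually use."""
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header


def build_reply(yiaddr, server_id, siaddr, tftp_name, bootfile, msg_type=2):
    """Constructed BOOTP/DHCP reply (test data, not a real capture)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      2, 1, 6, 0, 0x2EA2C556, 10, 0x8000,   # op, htype, hlen, hops, xid, secs, flags
                      b"\0" * 4,                             # ciaddr
                      ipaddress.IPv4Address(yiaddr).packed,  # yiaddr
                      ipaddress.IPv4Address(siaddr).packed,  # siaddr (next-server)
                      b"\0" * 4,                             # giaddr
                      bytes.fromhex("842b2ba2c556"), b"", b"")  # chaddr, sname, file
    opts = (bytes([53, 1, msg_type])
            + bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
            + bytes([66, len(tftp_name)]) + tftp_name.encode()
            + bytes([67, len(bootfile)]) + bootfile.encode()
            + b"\xff")
    return hdr + MAGIC + opts


def parse_options(pkt):
    """Return {code: raw_value} for the TLV options following the magic cookie."""
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet (bad magic cookie)")
    opts, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        length = pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def tftp_target(pkt):
    """Assumed ROM behaviour: siaddr if non-zero, else option 66 if it is an IP
    literal, else the DHCP server identifier (option 54) that answered."""
    siaddr = str(ipaddress.IPv4Address(pkt[20:24]))
    opts = parse_options(pkt)
    if siaddr != "0.0.0.0":
        return siaddr, "siaddr (next-server)"
    name = opts.get(66, b"").decode(errors="replace")
    try:
        return str(ipaddress.IPv4Address(name)), "option 66 (IP literal)"
    except ValueError:
        pass  # a hostname, which a DNS-less PXE ROM cannot resolve
    return str(ipaddress.IPv4Address(opts[54])), f"option 54 fallback; option 66 {name!r} is a hostname"
```

With siaddr zero and a hostname in option 66, the function reports the DHCP server (10.18.0.1) as the TFTP target, which is the behaviour to rule in or out against the Wireshark capture.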
Cyber Elite

@tlea,

It looks like the reply is properly handing out options 66 and 67, so I would start looking at your security policies more and make sure that the traffic is actually getting allowed. Alternatively, you should also attempt to put a device in the same zone as your WDS server so that the firewall essentially gets taken out of the equation, and verify that it works with your current settings. As long as it works in the same zone, then you know it's more than likely something to do with your security policies, because the DHCP info looks perfectly fine.

L6 Presenter

Who holds this DNS name:

  Option: (66) TFTP Server Name
        Length: 20
        TFTP Server Name: vr-deploy.invmgt.wan


??
