We have just recently made a change where we moved clients from one segment to a new one. We are using WDS for PXE boot and the WDS server (MDT 2013) is on a different segment than the clients. The Palo is our DHCP server for clients and we have defined some options in our DHCP scope (option 66 pointing to the WDS server and option 67 pointing to the bootfile).
This setup is not working; the PXE boot process stops, telling me it cannot find the TFTP server (PXE-032). Any suggestions are much appreciated.
I have an identical situation to yours.
My config looks like:
On the "new one" segment DHCP server you have to set options 66 and 67 - both options must point to your WDS server.
Where is your DHCP: on the PA or on Windows servers?
In my opinion something is wrong with your path \Boot\x64\wdsmgfw.efi
Maybe you can try with my path? Of course, only if your WDS server has the boot\x86\wdsnbp.com file - you can check it.
Are you sure that you have security policies that allow traffic from 10.18.0.1/24 to 10.18.16.46?
Hi Slawek and thanks for your response. I will change the boot file name to the one you are using. When it comes to security policies I'm not sure and will have to check this closer. I guess some policy regarding TFTP will be needed?
I will check this first thing tomorrow morning.
Hi Slawek, the change to boot\x86\wdsnbp.com did not help. Here's the output from the client
I'm guessing we have some problems with TFTP and I'm just thinking we might have to create a Policy-Based Forwarding rule for TFTP (port 69) between the client net and the server net? If you have any suggestions I'd be really happy!
When your client receives the TFTP server information from the Palo DHCP server, what can you see in the traffic logs on the Palo? Is your TFTP server in the same subnet as the client or not (looks like it is not)? Are they in the same zone (same-zone traffic is allowed by default)?
Hi TranceforLife and thanks for your input. I cannot see any traffic using the monitor, and the TFTP server is in the server subnet, i.e. not in the same subnet as the PXE client.
Are the client subnet and the server subnet in the same zone? If yes, can you please override the default intra-zone policy or make sure you have logging enabled on your current policy so you can see client attempts: