We setup a DHCP relay to a MS 2008R2 DHCP server, server recieves the relay and passes a client address back to PA 2050 running 4.1.3, the address does not get passed through to client, logs show only thr DHCP request going out but nothing back, no blocks in logs, we know the address packet is being returned to the server side PALO NIC.
we even opened all protocols both ways, but still nothing going back and no blocks or system errors.
anyone have any ideas?
We have one PA2050, with PANOS v3.1.9 with 2 virtual routers. A inner and outer router.
The outer router routes traffic to our external sites.
We also have problems with dhcp-replies from our MS 2008 R2 DHCP server.
I can se the dhcp-requests in the dhcp log on the dhcp-server.
I see the dhcp-requests from the external routers in PA monitor and i see the replies back to the routers in the monitor.
The dhcp server updates the leasetime for the scopes and all looks fine.
But, the clients does not receive the dhcp replies.
I rebooted the PA 2 days ago because of several subnets without dhcp-replies coming through.
Yesterday all looked good.
Today i have 2 other subnets with dhcp problems.
I also lost dhcp to several subnets when i commited some small changes 2 days ago.
I cant see any logic in ths strange behaviour.
It's always subnets connected to the outer PA virtual router (external sites) that experiencs these problems.
The outer router has about 110 routes.
Wh have just changed our external IP-plan and therefore we have a lot of routes to all the externel subnets while we have changed network by network.
I'm going to delete at least 70 of the routes and replace them with 7 routes with a bigger mask.
I'm a bit stuck right now....
I'm not sure if this is helpful or not, but one of our other DHCP issues we run into is due to the route to the DHCP server being dropped.
On the PA, we have zone X which provides services to a particular set of clients. We then have zone Y which connects the main part of our network, including the DHCP server. Zone X router does a DHCP relay to the DHCP server through the PA. This works fine normally. However, sometimes, the switch between the PA and the router controlling our main network reboots. When that happens, our DHCP from zone X begins failing.
Going into session browser on the PA shows that because the route to the DHCP server was lost when the PA dropped its OSPF connection to the main network router, the DHCP requests started being sent to the "Outside" zone and essentially the session just locks. When I delete that session, it starts going back the proper way and DHCP begins working again.
It may be completely unrelated, but the session browser might be a good place to see anything odd happening.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!