About every 2s, I get 4 x "Deny src_ip=0.0.0.0 dst_ip=0.0.0.0 pr=67/udp"
About every 2 seconds, I get the following on my second external port:
(It repeats 4 times)
"Deny src_ip=0.0.0.0 dst_ip=0.0.0.0 pr=67/udp src_port=0 dst_port=0 src_intf=2-External-2 dst_intf=Firebox msg=Denied pckt_len=328 ttl=128 policy=(Unhandled External Packet-00) proxy_action= proc_id="firewall" rc="101" msg_id="3000-0148" Traffic"
ATT happens to be the provider, if it matters.
Note: Ethernet Interface 0 has Spectrum as the provider and I do not get these errors/denial messages like this on that interface.
It looks like DHCP, but the interface (interface 2) is set up as static.
Please let me know your thoughts.
Thank you for your time.
Answers
Hi @Logan5
Port 67 is part of BOOTP or DHCP, and is likely the ISP replying to DHCP requests elsewhere on their network. There may be DHCP clients somewhere on the network.
The firewall is denying it -- so it's being dropped at the firewall. Unless it's for some reason being allowed, there's nothing to worry about here.
If you'd like the traffic to stop, you'll need to contact your ISP and ask them to filter it before it gets to your firewall.
-James Carson
WatchGuard Customer Support
To stop seeing these in Traffic Monitor - you can add a DHCP-Server policy, From: External-2 To: Firebox, set it to Denied, and unselect Logging.
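Before turning logging off for this traffic, it helps to confirm that the denies on the interface really are only BOOTP/DHCP. The script below is an added example, not part of the thread or of WatchGuard's tooling: it tallies denied packets per interface and protocol/port from exported log lines. The field layout is assumed from the single log line quoted in the question, and the second sample line is constructed.

```python
import re
from collections import Counter

# key=value pairs; a value may be "quoted", (parenthesised, with spaces), bare, or empty
PAIR = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S*)')
BOOTP_DHCP = {"67/udp", "68/udp"}  # BOOTP/DHCP server and client ports

# Log line as quoted in the question.
DHCP_DENY = ('Deny src_ip=0.0.0.0 dst_ip=0.0.0.0 pr=67/udp src_port=0 dst_port=0 '
             'src_intf=2-External-2 dst_intf=Firebox msg=Denied pckt_len=328 ttl=128 '
             'policy=(Unhandled External Packet-00) proxy_action= proc_id="firewall" '
             'rc="101" msg_id="3000-0148" Traffic')
# Constructed line (documentation addresses) standing in for an unrelated deny.
OTHER_DENY = ('Deny src_ip=203.0.113.5 dst_ip=198.51.100.2 pr=23/tcp src_port=40000 '
              'dst_port=23 src_intf=2-External-2 dst_intf=Firebox msg=Denied pckt_len=60 '
              'ttl=52 policy=(Unhandled External Packet-00) proxy_action= '
              'proc_id="firewall" rc="101" msg_id="3000-0148" Traffic')
SAMPLE = [DHCP_DENY] * 4 + [OTHER_DENY]

def parse_line(line):
    """Return the fields of one traffic log line, plus its leading action word."""
    fields = {key: value.strip('"') for key, value in PAIR.findall(line)}
    fields["action"] = line.split(None, 1)[0] if line.strip() else ""
    return fields

def denied_by_interface(lines):
    """Count denied packets per (ingress interface, protocol/port)."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        if f["action"] == "Deny":
            counts[(f.get("src_intf", "?"), f.get("pr", "?"))] += 1
    return counts

def split_dhcp_noise(counts):
    """Separate BOOTP/DHCP denies from everything else that was denied."""
    dhcp = {k: n for k, n in counts.items() if k[1] in BOOTP_DHCP}
    other = {k: n for k, n in counts.items() if k[1] not in BOOTP_DHCP}
    return dhcp, other

if __name__ == "__main__":
    dhcp, other = split_dhcp_noise(denied_by_interface(SAMPLE))
    print("BOOTP/DHCP denies:", dhcp)
    print("Other denies (keep these logged):", other)
```

Anything that lands in the second group would stay visible under the narrower DHCP-Server deny policy, since that policy matches only the DHCP traffic.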