PXE Bootp broadcast

I am trying to start machines in PXE on the trusted LAN using the DHCP of my Firebox M370 Version 12.3.1.B585922
The server that must honor the response to the PXE clients is configured on a VLAN behind the Firebox.
The M370 correctly gives the client machines the DHCP address of the configured pool, but the broadcast of the request does not bypass the firewall,

"2021-03-26 14:56:35 HA1 Deny bootpc/udp 67 68 1-Trusted Firebox Denied 343 128 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" Trafic"

Is there a way to authorize the broadcasting of this kind of packet? (bootp) through the firewall?


  • There is no option to allow broadcasts across a firewall interface.
    You would need the BOOTP issuer to be on the same logical LAN segment as the desired receiving devices.

  • edited March 2021

    Your only other option is to set up DHCP forwarding, which also will forward BOOTP broadcast packets.
    The destination for the forward would have to be a DHCP & BOOTP server and would give out DHCP IP addrs to the requesting device as well as BOOTP replies

  • Thank you Bruce for your feedback,
    For the first proposed solution, we use the appliance to secure a virtual environment (private cloud) which will contain the bootp server or at least its replica, this (private cloud) is linked in VPN with several other LANs (therefore this solution is not affordable for our organization) VPNs are configured on another solution (PepLink)
    For the second solution, is there any documentation to configure this transfer?
    Thank you very much for your time and help.

Sign In to comment.