Ip helper ip address blocked as spoofing
M370 running 12.10.1
I have enabled ip helper on a Cisco IOS vlan where the ip helper address is on a remote bovpn tunnel. The Cisco vlan has the static ip address assigned in the same subnet as the WG vlan. The WG vlan interface is also configured to run as a DHCP server which is working.
So my Cisco vlan settings are:
ip address static (same subnet)
ip helper ip address to WG vlan dhcp server
ip address ip address to Aruba Clearpass server
The problem is Fireware blocks the ip helper BOOTP/DHCP Server packets send to the Clearpass server as spoofing.
Webshop-HA2 Deny SOURCE-IP DEST-IP bootps/udp 67 67 Internal network Firebox ip spoofing sites 328 255 (Internal Policy)
Why do fireware do this as the ip subnet is already configured on the WG vlan interface?