IP helper IP address blocked as spoofing


M370 running 12.10.1

I have enabled IP helper on a Cisco IOS VLAN where the IP helper address is on a remote BOVPN tunnel. The Cisco VLAN has the static IP address assigned in the same subnet as the WG VLAN. The WG VLAN interface is also configured to run as a DHCP server, which is working.

So my Cisco VLAN settings are:
ip address static (same subnet)
ip helper ip address to WG vlan dhcp server
ip address ip address to Aruba Clearpass server

The problem is Fireware blocks the IP helper BOOTP/DHCP Server packets sent to the ClearPass server as spoofing.

Webshop-HA2 Deny SOURCE-IP DEST-IP bootps/udp 67 67 Internal network Firebox ip spoofing sites 328 255 (Internal Policy)

Why does Fireware do this, as the IP subnet is already configured on the WG VLAN interface?


