Ip helper ip address blocked as spoofing
Hi
M370 running 12.10.1
I have enabled ip helper on a Cisco IOS vlan where the ip helper address is on a remote bovpn tunnel. The Cisco vlan has the static ip address assigned in the same subnet as the WG vlan. The WG vlan interface is also configured to run as a DHCP server which is working.
So my Cisco vlan settings are:
ip address static (same subnet)
ip helper ip address to WG vlan dhcp server
ip address ip address to Aruba Clearpass server
The problem is Fireware blocks the ip helper BOOTP/DHCP Server packets send to the Clearpass server as spoofing.
Webshop-HA2 Deny SOURCE-IP DEST-IP bootps/udp 67 67 Internal network Firebox ip spoofing sites 328 255 (Internal Policy)
Why do fireware do this as the ip subnet is already configured on the WG vlan interface?
Regards
Robert
Comments
Seems to me that the source IP addr is expected to be coming from the WG VLAN and not the Cisco VLAN.
Do the 2 VLANs have the same VLAN ID?
Are they on different WG firewall interfaces?
@Bruce_Briggs
Same vlan id 3 and on the same fysical interface.