【NSF】LAN devices unable retrieve IP from NSF DHCP service
Issue Description
The DHCP service is configured on the firewall to provide the IP for the newly connect host device.
Error/Warning Logs
Handling Process
-
Ensure the host device able to reach the firewall LAN gateway interface.
-
Ensure that the DHCP pool is configured on the correct interface and subnet range.
-
Perform packet capture identify there is other node response that the IP address is occupied on the network.
-
Inspect if the source MAC address replied is belong to the firewall interface.
-
Inspect the NAT rules when the destination is configure as all and the source zone included the LAN zone will causing the firewall response with Gratuitous ARP.
Root cause
The Gratuitous ARP has been delivered by the firewall due to the destination IP is configured as all.
Solution
-
For the scenario that the environment is using dymanic IP, can consider to configure only public IP range for the destination IP on the NAT rules.
-
If the WAN IP is static, can configure the specific IP on the destination IP on the NAT rules.