DHCP and Simple Hub ACL Discussion
Posted: Tue Oct 08, 2019 2:57 pm
I have cascaded VPN for redundancy (with VMware SMP FT on the main controller).
I am trying to keep my clients from ever knowing about each other. I want them to talk to one IP, and even then only on certain ports. I also want only that one IP to initiate communications to the clients, and only on specific ports.
The port restrictions will vary, but this is not where I need help. Where I need help is that at the end of my rules I need a deny-all-other-traffic rule. This is causing me problems with DHCP.
I have tried allowing all 67/68 UDP and also from 0.0.0.0 to 255.255.255.255. This needs to be specific to DHCP. I would love to deny that broadcast to the other clients, but that might not be possible; if it is, that is great too (it's denied with a client firewall now). It seems none of what I have tried works; it always causes the DHCP process to fail. I am not sure what I am missing. Also, where can I find the log file with all the denials? That might help me classify the traffic being denied and allow it.
Thoughts?
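The reason a single "0.0.0.0 to 255.255.255.255" permit is not enough is that only the client's DISCOVER and REQUEST look like that. The server's OFFER and ACK come from the server's real address (to 255.255.255.255 or unicast to the offered address, depending on the client's BROADCAST flag), and renewals are unicast from the client's leased address to the server, so every one of those hits the trailing deny. The script below is an added example, not the poster's configuration or any product's ACL language: it models a stateless first-match ACL with a trailing deny, walks the packets of a DHCP lease lifetime (RFC 2131 addresses and ports), and reports which phases each rule set drops. The hub address 10.8.0.1, the client pool 10.8.0.0/24 and the client 10.8.0.20 are constructed sample values.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Stateless, first-match ACL with an explicit deny-all at the end, as in the post.
# The rule syntax here is an assumption for this example, not a product's.
Rule = namedtuple("Rule", "action proto src dst sport dport")
Packet = namedtuple("Packet", "proto src dst sport dport")
ANY = "0.0.0.0/0"


def rule(action, proto, src, dst, sport=None, dport=None):
    return Rule(action, proto, ip_network(src), ip_network(dst), sport, dport)


def matches(r, p):
    return ((r.proto == "any" or r.proto == p.proto)
            and ip_address(p.src) in r.src
            and ip_address(p.dst) in r.dst
            and (r.sport is None or r.sport == p.sport)
            and (r.dport is None or r.dport == p.dport))


def verdict(rules, p):
    """First matching rule wins; a packet no rule matches is denied."""
    for r in rules:
        if matches(r, p):
            return r.action
    return "deny"


def dhcp_exchange(server, client):
    """Packets one client sends/receives over a lease lifetime (RFC 2131).
    server/client are constructed sample addresses."""
    bcast = "255.255.255.255"
    return [
        ("discover",      Packet("udp", "0.0.0.0", bcast, 68, 67)),
        ("offer-bcast",   Packet("udp", server, bcast, 67, 68)),   # client set BROADCAST flag
        ("offer-unicast", Packet("udp", server, client, 67, 68)),  # flag clear: unicast to yiaddr
        ("request",       Packet("udp", "0.0.0.0", bcast, 68, 67)),
        ("ack-bcast",     Packet("udp", server, bcast, 67, 68)),
        ("ack-unicast",   Packet("udp", server, client, 67, 68)),
        ("renew-request", Packet("udp", client, server, 68, 67)),  # T1: unicast to leasing server
        ("renew-ack",     Packet("udp", server, client, 67, 68)),
        ("rebind",        Packet("udp", client, bcast, 68, 67)),   # T2: broadcast from leased address
    ]


def denied_phases(rules, server, client):
    """Names of the DHCP phases a rule set would drop."""
    return [name for name, p in dhcp_exchange(server, client) if verdict(rules, p) == "deny"]


HUB = "10.8.0.1"        # assumed: the single hub / DHCP server
POOL = "10.8.0.0/24"    # assumed: the client address pool
CLIENT = "10.8.0.20"    # assumed: one client's leased address

# What the post describes trying: only the client's bootstrap direction.
NARROW_ACL = [
    rule("permit", "udp", "0.0.0.0/32", "255.255.255.255/32", 68, 67),
    rule("deny", "any", ANY, ANY),
]

# Every DHCP phase, each pinned to the hub address and the 67/68 port pair,
# so nothing else between clients is opened.
DHCP_ACL = [
    rule("permit", "udp", "0.0.0.0/32", "255.255.255.255/32", 68, 67),  # discover / request
    rule("permit", "udp", f"{HUB}/32", "255.255.255.255/32", 67, 68),   # offer / ack, broadcast
    rule("permit", "udp", f"{HUB}/32", POOL, 67, 68),                   # offer / ack / renew-ack, unicast
    rule("permit", "udp", POOL, f"{HUB}/32", 68, 67),                   # renew / release to the hub
    rule("permit", "udp", POOL, "255.255.255.255/32", 68, 67),          # rebind at T2
    rule("deny", "any", ANY, ANY),
]


def client_to_client_allowed(rules, a, b):
    """A client aiming DHCP ports at another client must still be denied."""
    return verdict(rules, Packet("udp", a, b, 68, 67)) == "permit"


if __name__ == "__main__":
    print("narrow ACL drops:", denied_phases(NARROW_ACL, HUB, CLIENT))
    print("DHCP ACL drops:  ", denied_phases(DHCP_ACL, HUB, CLIENT))
    print("client->client:  ", client_to_client_allowed(DHCP_ACL, CLIENT, "10.8.0.21"))
```

The narrow rule set lets DISCOVER and REQUEST through and drops everything else in the exchange, which is the "DHCP always fails" symptom. The fuller set permits only the hub's address on the DHCP port pair plus the client-sourced broadcasts the protocol requires (DISCOVER, REQUEST, and the T2 rebind); if the clients are known not to set the BROADCAST flag, the hub-to-255.255.255.255 line can be dropped. Whether the hub can keep the client-sourced broadcasts from being flooded to the other clients is a question about the specific product's ACL, which the post does not settle.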