Configuring DHCP relay for Check Point VSX NGX R65


This article describes how to configure DHCP relay for the Check Point VSX NGX application version R65.


Goal: To configure DHCP relay for VSX NGX.

Because of its virtualized nature, the VSX application cannot use the standard XOS DHCP relay capabilities. Instead, you must configure DHCP relay from within VSX. VSX NGX contains DHCP relay daemon which enables DHCP functionality across multiple subnets. 


To configure DHCP relay for VSX NGX

1.  From the Crossbeam CLI, add flow rules to the VSX cluster's VAP group to pass bootps and bootpc traffic to the master VAP such that all protocol 17 (UDP) traffic destined for port 67, with source ports of 67 and 68, is pass-to-master.

2. On each APM, in the /etc/sysconfig/dhcrelay.vrf/ directory, create a dhcrelay-vrfX file, where X is the VS for which you want to relay DHCP.

3.  Edit the file so that the contents are similar to the following:

   VRF=<VS number>
   DHCPSERVERS="<space separated list of IP addresses of your DHCP servers>"
   INTERFACES="<interface leading to DHCP server(s) or default route> <space separated list of interfaces of client networks>"

Note: The list of interfaces (be it server or client) should also include any warp links that must be traversed between client and server.

Important: The interface leading to the DHCP server network and/or the default route (if not locally attached) must be listed first. Please see Check Point article sk35181 for more information.

Example configuration for VS 1


   INTERFACES="wrp128 inside.100"

In this example, wrp128 is the uplink to the EVR (default gateway) and inside.100 serves the DHCP client workstations on this VS.