The goal is to enable DHCP relay functionality in one or more VS (Virtual systems) running Check Point VSX R75.40VS and higher.
Please note the following exception: With Check Point R77, DHCP Relay does not function in VSX mode installations. See the following Known Anomaly in the Check Point R77 for XOS Release Notes:
ID 102118 DHCP Relay does not function in VSX mode installations.
Workaround: Contact Check Point Customer Support for a patch to resolve this issue.
1. In CLI, add the following DHCP-related flow rules to the relevant VAP group. These rules cover both client-to-server and server-to-client traffic directions. You may need to adjust the "priority" value to make sure there is no conflict with existing flow rules:ip-flow-rule dhcp_client_server
2. On each VAP in the VAP group, perform the following steps, as specified in the corresponding Check Point R7x Installation Guide section on "Configuring DHCP Relay for VSX Mode":
a) Create a symbolic link using the following command:
# ln -s /etc/init.d/dhcrelay /etc/rc3.d/S99dhcrelay
b) Create the following directory:
# mkdir -p /etc/sysconfig/dhcrelay.vrfc) Create a configuration file per Virtual System. (The configuration file must be identical on all members. <VSID> is the ID of each Virtual System.)
# vi /etc/sysconfig/dhcrelay.vrf/dhcrelay-vrf<VSID>d) Add the following settings to the dhcrelay-vrf<VSID> configuration file:
NOTE: Include the quotation marks in the DHCPSERVERS and the INTERFACES variables.
# /etc/init.d/dhcrelay restart