[VMC on AWS] DHCP non functional after enabling Whitelist feature on NSX Distributed Firewall

Article ID: 329538


Products

VMware Cloud on AWS

Issue/Introduction

Symptoms:
  • DHCP requests sent by the VMs are never received by the DHCP server
  • If DFW rule logging is enabled, log entries similar to the following are seen for the dropped request
FIREWALL_PKTLOG: 3574c00a INET match DROP 2109 OUT 328 UDP 0.0.0.0/68->255.255.255.255/67

Cause

A DHCP client sends its DISCOVER before it has an address: the packet goes from 0.0.0.0 (UDP port 68) to the limited broadcast address 255.255.255.255 (UDP port 67). DFW rules whose source or destination is the VMs or the DHCP server do not match this packet, because neither 0.0.0.0 nor 255.255.255.255 belongs to those groups. With the Whitelist feature enabled (allow only what is explicitly permitted), the broadcast therefore matches no allow rule and is dropped; the rule ID in the log entry (2109 in the example above) identifies the DFW rule that matched and dropped it.

Resolution

To let this traffic pass, create an Inventory Group containing the IP address 255.255.255.255/32, then add a DFW rule that allows traffic from source Any to that group as destination, with the DHCP Client service. To verify the change, enable logging on the new rule: the same 0.0.0.0/68->255.255.255.255/67 flow should then be logged against the new rule's ID as allowed rather than as DROP.
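The following is an added example, not code from the KB article or from VMware: a small Python script that scans DFW packet-log lines for DHCP broadcasts dropped by the firewall (reporting which rule ID dropped them) and builds the group and rule definitions that the resolution describes. Assumptions not stated on the page: the packet-log field order (flow ID, address family, "match", action, rule ID, direction, length, protocol, source/port->destination/port), the NSX Policy API object shapes used by build_fix() (a Group with an IPAddressExpression, a Rule with source_groups/destination_groups/services), the VMC "cgw" domain, and the "/infra/services/DHCP-Client" service path; confirm those against your SDDC's API explorer before applying them. The sample log lines are constructed; the first is the line quoted in the symptom.

```python
"""Spot DHCP broadcast drops in NSX DFW packet logs and build the fix.

Added example, not from the KB article. Assumed (not on the page): the
FIREWALL_PKTLOG field order, the NSX Policy API object shapes in
build_fix(), the VMC "cgw" domain and the DHCP-Client service path.
"""
import re
from collections import Counter

BROADCAST = "255.255.255.255"
DHCP_PORTS = {67, 68}  # DHCP server / client UDP ports

# Field layout assumed from the line quoted in the KB symptom:
# <prefix>: <flow-id> <INET|INET6> match <action> <rule-id> <IN|OUT> <len> <proto> <src>/<sport>-><dst>/<dport>
PKTLOG_RE = re.compile(
    r"(?:FIREWALL_PKTLOG|dfwpktlogs):\s+"
    r"(?P<flow>[0-9a-f]+)\s+(?P<af>INET6?)\s+match\s+"
    r"(?P<action>PASS|DROP|REJECT)\s+(?P<rule>\S+)\s+"
    r"(?P<direction>IN|OUT)\s+(?P<length>\d+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[^/\s]+)/(?P<sport>\d+)->(?P<dst>[^/\s]+)/(?P<dport>\d+)"
)


def parse_pktlog(line):
    """Return a dict of fields for one DFW packet-log line, or None if it does not match."""
    m = PKTLOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "length"):
        rec[key] = int(rec[key])
    return rec


def is_dhcp_broadcast(rec):
    """True for a DHCP packet addressed to the limited broadcast address.

    A DISCOVER is 0.0.0.0/68 -> 255.255.255.255/67; a broadcast OFFER
    from the server would be <server>/67 -> 255.255.255.255/68.
    """
    return (rec["proto"] == "UDP" and rec["dst"] == BROADCAST
            and rec["dport"] in DHCP_PORTS and rec["sport"] in DHCP_PORTS)


def find_dhcp_drops(lines):
    """Return {rule_id: count} of DHCP broadcast packets dropped by the DFW."""
    hits = Counter()
    for line in lines:
        rec = parse_pktlog(line)
        if rec and rec["action"] == "DROP" and is_dhcp_broadcast(rec):
            hits[rec["rule"]] += 1
    return dict(hits)


def build_fix(group_id="dhcp-broadcast", domain="cgw"):
    """Group and rule bodies for the KB resolution (assumed Policy API shapes).

    The group holds only 255.255.255.255/32; the rule allows Any -> group
    with the DHCP Client service, which is what the KB prescribes.
    """
    group_path = f"/infra/domains/{domain}/groups/{group_id}"
    group = {
        "resource_type": "Group",
        "display_name": group_id,
        "expression": [{
            "resource_type": "IPAddressExpression",
            "ip_addresses": [f"{BROADCAST}/32"],
        }],
    }
    rule = {
        "resource_type": "Rule",
        "display_name": "allow-dhcp-broadcast",
        "source_groups": ["ANY"],
        "destination_groups": [group_path],
        "services": ["/infra/services/DHCP-Client"],  # assumed predefined service path
        "action": "ALLOW",
        "direction": "IN_OUT",
        "scope": ["ANY"],
    }
    return group, rule


# Constructed sample log lines; the first is the one quoted in the KB.
SAMPLE_LOG = [
    "FIREWALL_PKTLOG: 3574c00a INET match DROP 2109 OUT 328 UDP 0.0.0.0/68->255.255.255.255/67",
    "FIREWALL_PKTLOG: 3574c00b INET match DROP 2109 OUT 328 UDP 0.0.0.0/68->255.255.255.255/67",
    "FIREWALL_PKTLOG: 3574c00c INET match PASS 1030 OUT 60 TCP 10.0.1.5/51234->10.0.2.10/443 S",
    "FIREWALL_PKTLOG: 3574c00d INET match DROP 2109 IN 78 UDP 10.0.1.9/5353->224.0.0.251/5353",
]

if __name__ == "__main__":
    for rule_id, n in find_dhcp_drops(SAMPLE_LOG).items():
        print(f"DFW rule {rule_id} dropped {n} DHCP broadcast packet(s)")
    group, rule = build_fix()
    print(group)
    print(rule)
```

Run the script against the output of your own packet-log collection to confirm that the drops are DHCP broadcasts and to learn which rule ID is dropping them; the multicast mDNS line in the sample is deliberately not counted, since only traffic to 255.255.255.255 is covered by the fix. The bodies returned by build_fix() are meant to be sent as PATCH requests to the group and rule paths, but check the field names against the API documentation for your SDDC version first.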