We have Sophos XG 230 firewall. We have window DHCP server and configure sophos as DHCP relay. We would like to block DHCP services to particular vlan. That means that Vlan should not request DHCP services from DHCP server.
we created a rule to block any service from DHCP server to sophos downlink IP.
Vlan to block DHCP>>>>>>>>>>10.1.1.1(sophos)11.1.1.1>>>>>>>>12.1.1.1(dhcp)
so we create rule source as DHCP server 12.1.1.1 and destination as 10.1.1.1 and drop the traffice. We thought this will block DHCP offer service.
source. 12.1.1.1
desti: 10.1.1.1
Services: any
we try both drop and reject.
And we also create another rule as below
source: vlan IP
destination: DHCP
Services: any
both drop and reject.
We believe this rule will block the dhcp renew request from that vlan to dhcp server.
Although we created above two rules and put at the top of the rule lists, that vlan is still getting IP address from DHCP server.
Please advise what other things we need to do.
This thread was automatically locked due to age.
