Check Point community forum
Topic: BOOTPS (UDP/67) traffic on DMZ interface of Firewall
rockysam39
« on: June 26, 2008, 03:15:37 PM »



I have a question about the following dropped packets I see in SmartView Tracker.

Number:                         2715947
Date:                              26Jun2008
Time:                             11:47:56
Product:                         VPN-1 Power/UTM
Interface:                       eth6
Origin:                            UFBEJ10001
Type:                             Log
Action:                            Drop
Protocol:                        udp
Service:                         bootps (67)
Destination:                   bc-255.255.255.255 (255.255.255.255)
Rule:                              7
Current Rule Number:   7-CNFWMarch2008
Source Port:                   bootpc (68)
Rule UID:                       {55E7EB4A-BEBB-4DC9-9CBA-9EF2B7A36055}
Policy Info:                    Policy Name: CNFWMarch2008
                                      Created at: Thu Jun 26 15:30:10 2008
                                      Installed from: SmartCenter-India-1



We see these dropped packets continuously on the eth6 of the Resilience box we have, running NGX R61.

This interface is for the DMZ, which is connected to a Layer 2 Switch (Cisco 2960, not configured yet) and the switch has one Juniper box & 2 DELL servers connected (none of these devices are configured yet).

I shut down all the devices connected to the L2 Switch but that did not help. I even had all the devices unplugged from the Switch but we still get the dropped packets. I also turned the interface down and then turned it back up but to no effect.

Can anyone please help me understand why it's happening? Let me know if you need more information to analyse.

I'm sure something in the Switch is generating that traffic... can anyone help me understand what that is and how I can stop that traffic?
juve
« Reply #1 on: June 30, 2008, 11:24:41 AM »

Sniff on the firewall so you can get the MAC address. That can help you find out what the source is, using the OUI.
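One way to act on the reply above, as an added example that is not part of the original thread: given the raw bytes of one Ethernet frame captured on the interface, this pulls out the source MAC and its OUI, the BOOTP client hardware address, and the DHCP vendor-class and hostname options that often name the device. The function names and the sample frame are constructed for illustration.

```python
import struct

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_bootp_frame(frame):
    """Pull source-identifying fields from an untagged Ethernet/IPv4/UDP bootpc->bootps frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                              # too short, not IPv4, or not UDP
    udp = 14 + (frame[14] & 0x0F) * 4            # honour the IPv4 header length
    if len(frame) < udp + 8 + 240:
        return None                              # no room for a full BOOTP header
    if struct.unpack("!HH", frame[udp:udp + 4]) != (68, 67):
        return None                              # only client requests, as in the log
    bootp, src = frame[udp + 8:], frame[6:12]
    chaddr = bootp[28:28 + min(bootp[2], 16)]    # client hardware address, hlen bytes
    info = {"src_mac": mac_str(src), "oui": mac_str(src[:3]),
            "locally_administered": bool(src[0] & 0x02),   # if set, OUI lookup is meaningless
            "chaddr": mac_str(chaddr), "chaddr_matches_src": chaddr == src,
            "vendor_class": None, "hostname": None}
    i = 240 if bootp[236:240] == b"\x63\x82\x53\x63" else len(bootp)  # DHCP magic cookie
    while i + 1 < len(bootp) and bootp[i] != 255:          # walk options until End
        if bootp[i] == 0:                                  # Pad option has no length byte
            i += 1
            continue
        code, val = bootp[i], bootp[i + 2:i + 2 + bootp[i + 1]]
        if code == 60:
            info["vendor_class"] = val.decode("ascii", "replace")
        elif code == 12:
            info["hostname"] = val.decode("ascii", "replace")
        i += 2 + bootp[i + 1]
    return info

def sample_frame():
    """Constructed DHCPDISCOVER; MAC is from the RFC 7042 documentation range, checksums left 0."""
    src = bytes.fromhex("00005e005301")
    opt = lambda code, val: bytes([code, len(val)]) + val
    opts = opt(53, b"\x01") + opt(60, b"example-vc") + opt(12, b"sample-host") + b"\xff"
    bootp = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0x8000) + bytes(16)
             + src + bytes(10) + bytes(192) + b"\x63\x82\x53\x63" + opts)
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(bootp),
                     0, 0, 64, 17, 0, bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + src + b"\x08\x00" + ip + udp + bootp

if __name__ == "__main__":
    print(parse_bootp_frame(sample_frame()))
```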