Zone Based Firewall (ZBFW) and DHCP

I ran into an issue with DHCP with ZBFW. I read this official guide from Cisco:

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/116117-configure-dhcp-zbf-00.html

But I am even more confused. Why is it suggesting us to bypass all UDP 67/68 traffic?

 

ip access-list extended 111
 10 permit udp any any eq 67

ip access-list extended 112
 10 permit udp any any eq 68

Wouldn't this open up a bigger hole than necessary?

My router is both a DHCP client and server. But it seems to me that one can get away with a much more restricted ACL. To be honest, I am quite disappointed that ZBFW does not "just work" with DHCP.
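The following is an added illustration, not part of the original post and not the Cisco document's configuration: a small Python model of IOS-style `permit udp` entries that runs the two ACLs quoted above, and an assumed tighter variant that tests the DHCP port on both ends of the flow, against a handful of constructed UDP flows. The tighter entries and the sample addresses are my assumptions, chosen to show concretely which non-DHCP traffic the `any any eq 67` / `any any eq 68` form lets through.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed model of Cisco-style 'permit udp' entries, written to illustrate
# the ZBFW/DHCP question above. This is an added example, not IOS code and not
# the Cisco document's configuration; it matches on UDP port numbers only.


@dataclass(frozen=True)
class UdpFlow:
    name: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Ace:
    """One 'permit udp any [eq src] any [eq dst]' entry; None means no port test."""
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, flow: UdpFlow) -> bool:
        src_ok = self.src_port is None or flow.src_port == self.src_port
        dst_ok = self.dst_port is None or flow.dst_port == self.dst_port
        return src_ok and dst_ok


# ACLs 111/112 as quoted in the post: any source port, destination 67 or 68.
LOOSE = {
    "111": [Ace(dst_port=67)],
    "112": [Ace(dst_port=68)],
}

# Assumed tighter variant (an assumption, not from the post or the Cisco doc):
# require the DHCP port on both sides. The 67->67 entry covers relay agents,
# which forward client requests to the server from port 67 (RFC 2131, 4.1).
TIGHT = {
    "111": [Ace(src_port=68, dst_port=67), Ace(src_port=67, dst_port=67)],
    "112": [Ace(src_port=67, dst_port=68)],
}

# Constructed sample traffic using RFC 5737 documentation addresses.
FLOWS = [
    UdpFlow("client discover", "0.0.0.0", 68, "255.255.255.255", 67),
    UdpFlow("server offer", "192.0.2.1", 67, "255.255.255.255", 68),
    UdpFlow("client renew (unicast)", "192.0.2.10", 68, "192.0.2.1", 67),
    UdpFlow("relay to server", "192.0.2.254", 67, "192.0.2.1", 67),
    UdpFlow("non-DHCP UDP to port 67", "198.51.100.5", 41000, "192.0.2.1", 67),
    UdpFlow("non-DHCP UDP to port 68", "198.51.100.5", 41001, "192.0.2.10", 68),
]


def permitted(acl: List[Ace], flow: UdpFlow) -> bool:
    """First-match semantics with an implicit deny at the end, as in IOS ACLs."""
    return any(ace.matches(flow) for ace in acl)


def evaluate(acls: Dict[str, List[Ace]], flows: List[UdpFlow]) -> Dict[str, bool]:
    """Map each flow name to whether ACL 111 or ACL 112 would pass it."""
    return {f.name: permitted(acls["111"], f) or permitted(acls["112"], f) for f in flows}


def extra_exposure(flows: List[UdpFlow] = FLOWS) -> List[str]:
    """Flows the quoted ACLs pass but the port-pair ACLs drop: the 'bigger hole'."""
    loose, tight = evaluate(LOOSE, flows), evaluate(TIGHT, flows)
    return [name for name in loose if loose[name] and not tight[name]]


if __name__ == "__main__":
    for name, ok in evaluate(LOOSE, FLOWS).items():
        print(f"{'pass' if ok else 'drop'}  (quoted ACLs)  {name}")
    print("passed only by the quoted ACLs:", extra_exposure())
```

Running it shows that every DHCP exchange (discover, offer, unicast renew, relay forwarding) is passed by both forms, while the two arbitrary UDP datagrams aimed at ports 67 and 68 are passed only by the quoted `any any eq` entries. The caveat is that even the port-pair form is still a port filter, not DHCP inspection: anything that chooses 67 or 68 as its own source port still matches, so the ACL only narrows the bypass; it does not validate the payload.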