DHCP (Dynamic Host Configuration Protocol) allows clients to automatically obtain network configuration, such as IP address, subnet mask, default gateway, and DNS configuration, from a DHCP server.
You can create DHCP servers to handle DHCP requests or create DHCP relay services to relay DHCP traffic to external DHCP servers.
If you configure DHCP servers, to improve security, configure a DFW rule to allow traffic on UDP ports 67 and 68 only for valid DHCP server IP addresses.
A DFW rule that has
Logical Switch/Logical Port/NSGroup as the source,
Any as the destination, and is configured to drop DHCP packets for ports 67 and 68, will fail to block DHCP traffic. To block DHCP traffic, configure
Any as the source as well as the destination.