DHCP Relay on interface

[EtienneMILON]

Hello,

I try to configure a DHCP relay on an interface.
I tried with following parameters but it doesn't work :

• dhcp_relay={'element': ['some_href'], 'enabled': True, 'max_packet_size': 576, 'trusted_circuit': False}
• engine.interface.get("1").data['relayed_by_dhcp'] = True

Is there a possibility to do this?
I use fp-NGFW-SMC-python 0.7.0b23.

Best regards,
Etienne

[shibumi]

Hi @EtienneMILON can you show the full stacktrace or the error message?

[EtienneMILON]

Hello @shibumi ,

I had the exception : "smc.api.exceptions.UpdateElementFailed: Impossible to store the element mycluster_test. Element appears invalid: mycluster_test Firewall Cluster has an invalid Physical Interface configuration: Interface 0. One relayed by DHCP CVI belongs to this Physical Interface but it has no defined enabled DHCP relay."

I use the following code:

engine = FirewallCluster.create(
    name="mycluster_test",
    cluster_virtual="1.1.1.1",
    network_value="1.1.1.0/24",
    interface_id=0,
    macaddress="02:02:02:02:02:02",
    nodes=[
        {"address": "1.1.1.2", "network_value": "1.1.1.0/24", "nodeid": 1},
        {"address": "1.1.1.3", "network_value": "1.1.1.0/24", "nodeid": 2},
    ],
    domain_server_address=["1.1.1.1"],
    is_cert_auto_renewal=True,
)

interface = engine.interface.get("0")
interface.dhcp_relay = {'element': ['dhcp_server_href'], 'enabled': True, 'max_packet_size': 576, 'trusted_circuit': False}
interface.save()

for one in interface.interfaces:
    if one.typeof.lower() == "cluster_virtual_interface":
        one.relayed_by_dhcp = True
        one.save
        break

engine.update()

I don't have error with this code but in the SMC the interface has no DHCP relay configured.
I use SMC 6.5.14.

Etienne

[ggrimaux]

Hello,

I do not know if it can helps you but here it is what I've done to make it works

        """
        Add DHCP Relay on two vlan interface
        Then it is mandatory to get again engine in order to have 
        most recent etag and engine details. 
        """
        engine_to_update = Layer3Firewall(engine_name_to_update)
        intf = engine_to_update.interface.get(4)
        # Get interface JSON
        interface_details = SMCRequest(intf.href).read()
        for vlan in interface_details.json['vlanInterfaces']:
            if '4.20' in vlan['name'] \
               or '4.25' in vlan['name']:
                vlan['dhcp_relay'] = {"element": [dhcp_server_href],
                                      "enabled": True,
                                      "max_packet_size": 576,
                                      "trusted_circuit": False
                                      }
                vlan['interfaces'][0]['single_node_interface']['relayed_by_dhcp'] = True

        SMCRequest(intf.href,
                   interface_details.json,
                   etag=intf.etag).update()

BR,
/Greg.

[EtienneMILON]

Hello Greg,

You were right, it works with interface.update():

engine = Engine(name="engine_name")
interface = engine.interface.get("interface_id")
interface.update(
    dhcp_relay={
        "element": ["DHCP_server_href"],
        "enabled": True,
        "max_packet_size": 576,
        "trusted_circuit": False,
    }
)
# And for the subinterface
sub_interface.update(relayed_by_dhcp=True)

I sometimes have exception but it works.
Could Forcepoint add it into fp-NGFW-SMC-python?

Best regards,
Etienne

[alexnogard]

Hello @EtienneMILON ,
How do you get the DHCPServer href ?

I can get an Host Elements href, but I couldn't find how to get a Server Element href

Thanks
Regards

[ggrimaux]

Hello @alexnogard ,

Here is an example:

dhcp_server = DHCPServer.create(
            name="My DHCP Server,
            address="10.1.1.22")
dhcp_server_href = dhcp_server.href

BR,
/Greg

[alexnogard]

Thanks @ggrimaux
It worked. The most complicate was to find the class :D.

Regards

[alexnogard]

@ggrimaux Last question :

When I try to set the DHCP Relay on VLAN Int :

interface = engine.interface.get('0.10')
interface.update(
dhcp_relay={
"element": ["http://xxx:8082/6.5/elements/dhcp_server/3033","http://xxx:8082/6.5/elements/dhcp_server/3034"],
"enabled": True,
"max_packet_size": 576,
"trusted_circuit": Fal se,
}
)

I've this error :
smc.api.exceptions.UpdateElementFailed: Impossible to update the specified interface for the target FWESTCL. An element is invalid: There must be one and only one relayed IPv4 Address to support the DHCPv4 Relay settings of the VLAN 0.10 Physical Interface.

I made a test, I created a cluster Interface (id 10) and a vlan (id 10), empty, and it worked.

So I dont understand what it's not working on my vlan 0.10

Thanks for your help

[EtienneMILON]

Hello,

As I understand, when there is a CVI for the interface you have to enable the "relayed_by_dhcp" option for the CVI.
For example:

interface = engine.interface.get('0.10')
for sub_interface in interface.interfaces:
    if sub_interface.typeof.lower() == "cluster_virtual_interface":
        sub_interface.update(relayed_by_dhcp=True)
        break

I also have exceptions sometimes but it looks to work. I think these exceptions are more warning than error.

Best regards,
Etienne

[ggrimaux]

Hello,

Sorry for my late answer.

@EtienneMILON is right.
Here is what I just tested (just combined your code and @EtienneMILON one :))

my_engine = FirewallCluster("Greg-Test")

interface = my_engine.interface.get('1.10')
for sub_interface in interface.interfaces:
    if sub_interface.typeof.lower() == "cluster_virtual_interface":
        sub_interface.update(relayed_by_dhcp=True)
        break
interface.update(
    dhcp_relay={
        "element": [DHCPServer("Greg DHCP 1").href,
                    DHCPServer("Greg DHCP 2").href],
        "enabled": True,
        "max_packet_size": 576,
        "trusted_circuit": False,
    }
)

I hope this will help you.

BR,
/Greg.

[alexnogard]

Hello guys,
Sorry for late reply
Worked like a charm, many thanks :)