DHCP Doesn't Work With Subnet Source Bypass


When using Cato as a DHCP server for one of your networks, clients are unable to obtain an IP address when the entire network is added to the site's Local Bypass configuration.

For example, consider the configuration below.

VLAN 2 is configured with a DHCP Range of The Gateway IP is

A Local Bypass entry exists for all of VLAN 2,

With this configuration, all clients on VLAN 2 are not allocated an IP address through Cato DHCP.

The Socket uses the Gateway IP address as the source to relay DHCP requests to Cato for IP allocation (the Socket itself does not act as a DHCP server). These requests must be sent through the tunnel, but since the Socket's Gateway IP address falls within the bypass range, the DHCP requests get sent out the WAN interface instead.


Configure the Source Bypass to exempt the Socket's Gateway IP address. In the example above, instead of entering the subnet using CIDR notation, can be used, a range that does not include the Gateway IP,





Was this article helpful?

1 out of 2 found this helpful


Add your comment