DHCP Problems with Checkpoint Router

I've replaced my actiontec with a Checkpoint UTM-1 Edge router so I can use VPN capabilities plus do some vlan stuff behind the firewall.

My problem is every 1 hour 55 minutes and 3 seconds the checkpoint issues the following 2 lines in it's log:

00080,28May2008,11:16:47,Primary Cable Modem connection terminated after 1 hour(s), 55 minute(s), 2 second(s)
00081,28May2008,11:16:50,Primary Cable Modem connection established, IP address 72.65.65.86 assigned

If there are any music or video streams playing they abruptly stop and have to be manually restarted. This is a problem because it happens every 2 hours!!!

I packet sniffed this event and here's some information: (summary of packets before and after the event)

No. Time Source Destination Protocol Info
112 2.227493 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0xa8034875
510 10.012668 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0x7bd966db
991 18.125920 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0xa7a75d99
1418 26.495714 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0x68eaa12e
1808 34.277336 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0x7e574aa1
2212 42.487518 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0x19050a58
2638 50.807336 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0x5b9bd124
3023 58.137272 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0x439a93b5
3415 66.022055 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0xe71db017
3893 74.857290 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0x38987112
4267 82.357493 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0x9f6a2b54
4317 83.367311 0.0.0.0 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xe6c6bf38
4323 83.569100 72.65.65.1 255.255.255.255 DHCP DHCP Offer - Transaction ID 0xe6c6bf38
4325 83.744117 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0x31983444
4328 84.119368 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0xb1d4400c
4329 84.177709 72.65.65.1 255.255.255.255 DHCP DHCP ACK - Transaction ID 0x31983444
4330 84.377969 72.65.65.1 255.255.255.255 DHCP DHCP ACK - Transaction ID 0xb1d4400c

I've also got the full packet traces if anyone wants to look at them.

I'm desperate to make this UTM-1 work as it has so many features that I need.

Can anyone help me decode these traces and make any sense as to why this is happening. One thing I noticed in the summary above is that packets 4323, 4329 & 4330 refer to 72.65.65.1 which is NOT my public IP. My public IP is 72.65.65.86. Why is this happening? Also it would appear that ever 8 seconds my router is asking to renew the lease but Verizon does not reply. I believe this is allowing the lease to expire which then creates the disconnect and reassignment of the same IP but at this point the damage is done.

Here's one of the DHCP request operations:

Frame 112 (590 bytes on wire, 590 bytes captured)
Arrival Time: May 28, 2008 11:15:26.216912000
[Time delta from previous captured frame: 0.063356000 seconds]
[Time delta from previous displayed frame: 2.227493000 seconds]
[Time since reference or first frame: 2.227493000 seconds]
Frame Number: 112
Frame Length: 590 bytes
Capture Length: 590 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:bootp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Sofaware_51:2e:1c (00:08:da:51:2e:1c), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
Address: Broadcast (ff:ff:ff:ff:ff:ff)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Source: Sofaware_51:2e:1c (00:08:da:51:2e:1c)
Address: Sofaware_51:2e:1c (00:08:da:51:2e:1c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 (255.255.255.255)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 576
Identification: 0x0000 (0)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 255
Protocol: UDP (0x11)
Header checksum: 0xb9ad [correct]
[Good: True]
[Bad : False]
Source: 0.0.0.0 (0.0.0.0)
Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Source port: bootpc (68)
Destination port: bootps (67)
Length: 556
Checksum: 0xfa90 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0xa8034875
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 72.65.65.86 (72.65.65.86)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: Sofaware_51:2e:1c (00:08:da:51:2e:1c)
Server host name not given
Boot file name not given
Option: (t=53,l=1) DHCP Message Type = DHCP Request
Option: (53) DHCP Message Type
Length: 1
Value: 03
Option: (t=61,l=7) Client identifier
Option: (61) Client identifier
Length: 7
Value: 010008DA512E1C
Hardware type: Ethernet
Client MAC address: Sofaware_51:2e:1c (00:08:da:51:2e:1c)
Option: (t=12,l=6) Host Name = "QCH-1"
Option: (12) Host Name
Length: 6
Value: 5143482D3100
Option: (t=50,l=4) Requested IP Address = 72.65.65.86
Option: (50) Requested IP Address
Length: 4
Value: 48444456
Option: (t=54,l=4) Server Identifier = 72.65.65.1
Option: (54) Server Identifier
Length: 4
Value: 48444401

IF anyone can help I'd really appreicate it. I'm trying the same with Checkpoint and Sofaware (software mfgr), but having a hard time since I don't have "paid support".

Any insights would be helpful.

As an update. I dropped back to FW 7.0.52 and my music streams have been playing for the past 12 hours uninterrupted. No entries in the VPN-1 Edge log about disconnects or re-assigning IP address like in the newer firmwares.

Also, I sniffed WAN PORT traffic on the .52 FW and did not see the 8 second DHCP requests like I did in the later version.

Roveer

I know you solved your problem already, but I will answer our questions about the DHCP packet capture.


-Can anyone help me decode these traces and make any sense as to why this is happening. One thing I noticed in the summary above is that packets 4323, 4329 & 4330 refer to 72.65.65.1 which is NOT my public IP. My public IP is 72.65.65.86

Below are the rough steps/states a client passes through during a DHCP exchange.

Initializing
Selecting
Requesting
Bound

Moving between the states listed above the following messages are exchanged between client/server (few more but I only listed the ones you see in your packet capture).

DHCPDISCOVER
The client is looking for available DHCP servers.

DHCPOFFER
The server response to the client DHCPDISCOVER.

DHCPREQUEST
The client broadcasts to the server, requesting offered parameters from one server specifically, as defined in the packet.

DHCPDECLINE
The client-to-server communication, indicating that the network address is already in use.

DHCPACK
The server-to-client communication with configuration parameters, including committed network address.


Packets 4323, 4329 & 4330 are the actual DHCP server or relay server responding to your firewall's DHCP request (noticed the header No. Time Source Destination Protocol Info). In your packet capture the IP 0.0.0.0 is your firewall since it has not received an IP address yet.

Regarding the actual issue, might be bad code specific to how the firewall deals with DHCP lease time. I cannot believe an ISP would set 2 hour DHCP lease.