I missed a sequence diagram for DHCP which not only shows the four basic messages (DISCOVER, OFFER, REQUEST, ACK), but also the used source/destination addresses and ports, the type of connection (unicast/broadcast), the differences between the initial and the renewing messages, and the needed firewall rules for allowing DHCP traffic to/from the own interface or to/from a DHCP relay agent.
Here it comes! 🙂
DHCPv4 Message Sequence Diagram
If there are any mistakes -> send me a comment.
Or download it as PDF
Security Policy on a Palo Alto
One quick example: With the usage of bidirectional policy rules on a Palo Alto, the only security policy needed for the whole DHCP setup is the following (DHCP between the DHCP server and the network – and vice versa):