Security appliance has detected a rogue DHCP server
Once a week we get an alert:
The security appliance in the Redacted - appliance network has detected a rogue DHCP server in your network.
A rogue DHCP server was found on VLAN 1 serving addresses with the subnet redacted/24. The server has MAC address redacted and IP redacted
The MAC and IP it shows are for a Windows server on the network that is the legitimate DHCP server for the network. The security device itself is set to ignore DHCP requests on VLAN 1. I have checked the DHCP servers & ARP page under switch and the DHCP server is listed there as allowed.
I would like to be able to stop these false positives without turning the rogue DHCP detection off completely. Does anyone know of a way to do this?