Hello,
I'll briefly explain the situation - i have DC servers which proviodes DHCP adresses to all VLANS, SRX works as gateway ( also as DHCP server for guest network which doesn't have any issues - every device gets IP addresses and so on...), but devices which are in networks can't get dynamic address - if i set to device address to static - works ( it can connect to internet, servers and etc.). I checked my cfg can't see any issues, but it feels like i'm missing something. (DC server is in Servers zone, LAN in Internal)
set security zones security-zone Servers host-inbound-traffic system-services all
set security zones security-zone Servers host-inbound-traffic protocols all
set security zones security-zone Servers interfaces ge-0/0/4.400 host-inbound-traffic system-services all
set security zones security-zone Servers interfaces ge-0/0/4.400 host-inbound-traffic protocols all
set security policies from-zone Servers to-zone Internal policy servers_to_internal match source-address any
set security policies from-zone Servers to-zone Internal policy servers_to_internal match destination-address any
set security policies from-zone Servers to-zone Internal policy servers_to_internal match application any
set security policies from-zone Servers to-zone Internal policy servers_to_internal match source-identity any
set security policies from-zone Servers to-zone Internal policy servers_to_internal then permit
set security policies from-zone Internal to-zone Servers policy internal_to_serv match source-address any
set security policies from-zone Internal to-zone Servers policy internal_to_serv match destination-address any
set security policies from-zone Internal to-zone Servers policy internal_to_serv match application any
set security policies from-zone Internal to-zone Servers policy internal_to_serv match source-identity any
set security policies from-zone Internal to-zone Servers policy internal_to_serv then permit
set security nat source rule-set nsw_srcnat from zone DMZ
set security nat source rule-set nsw_srcnat from zone IPcam
set security nat source rule-set nsw_srcnat from zone Internal
set security nat source rule-set nsw_srcnat from zone Servers
set security nat source rule-set nsw_srcnat from zone Voip
set security nat source rule-set nsw_srcnat from zone WiFi
set security nat source rule-set nsw_srcnat to zone untrust
set security nat source rule-set nsw_srcnat rule nsw-src-interface match source-address 0.0.0.0/0
set security nat source rule-set nsw_srcnat rule nsw-src-interface match destination-address 0.0.0.0/0
set security nat source rule-set nsw_srcnat rule nsw-src-interface then source-nat interface