Hello,
I configured a DHCP server on a chassis cluster (SRX340), but it doesn't work. Here's my configuration:
root@SRX1# show system services dhcp-local-server group office { interface reth0.10; }
address-assignment { pool office { family inet { network 192.168.4.0/24; range range1 { low 192.168.4.20; high 192.168.4.253; } dhcp-attributes { name-server { 192.168.4.1; } router { 192.168.4.1; } propagate-settings reth0.10; } } } } root@SRX1# show security zones security-zone trust interfaces { reth0.10 { host-inbound-traffic { system-services { ping; ssh; traceroute; dhcp; } } } st0.1; st0.2; } root@SRX1# show interfaces reth0 vlan-tagging; redundant-ether-options { redundancy-group 1; minimum-links 1; lacp { passive; periodic fast; } } unit 10 { vlan-id 10; family inet { address X.X.X.X/24; address 192.168.4.1/24; } } unit 666 { vlan-id 666; family inet { address 10.10.10.1/24; } }
I configured traceoptions to see the traffic:
root@SRX1# show security flow traceoptions file dhcp1.log; flag all; packet-filter pf1 { destination-port 68; } packet-filter pf2 { destination-port 67; } Jan 15 15:24:05 15:24:05.089933:CID-2:RT:<0.0.0.0/68->255.255.255.255/67;17,0x0> matched filter pf2: Jan 15 15:24:05 15:24:05.089933:CID-2:RT:packet [328] ipid = 15780, @0x5ee7d324 Jan 15 15:24:05 15:24:05.089933:CID-2:RT:---- flow_process_pkt: (thd 2): flow_ctxt type 15, common flag 0x0, mbuf 0x5ee7d100, rtbl_idx = 0 Jan 15 15:24:05 15:24:05.089933:CID-2:RT: flow process pak fast ifl 71 in_ifp reth0.10 Jan 15 15:24:05 15:24:05.089933:CID-2:RT:pkt info: 0.0.0.0(68) -> 255.255.255.255(67), 17, flags (0x1000) Jan 15 15:24:05 15:24:05.089933:CID-2:RT:Received pkt on non-active link of reth/vsd (reth0.10/1) Jan 15 15:24:05 15:24:05.089933:CID-2:RT:flow_proc_rc: -1. Jan 15 15:24:05 15:24:05.089933:CID-2:RT: ----- flow_process_pkt rc 0x7 (fp rc -1) Jan 15 15:24:05 15:24:05.089059:CID-1:RT:<0.0.0.0/68->255.255.255.255/67;17,0x0> matched filter pf2: Jan 15 15:24:05 15:24:05.089059:CID-1:RT:packet [328] ipid = 15780, @0x5ebeda24 Jan 15 15:24:05 15:24:05.089059:CID-1:RT:---- flow_process_pkt: (thd 2): flow_ctxt type 15, common flag 0x0, mbuf 0x5ebed800, rtbl_idx = 0 Jan 15 15:24:05 15:24:05.089059:CID-1:RT: flow process pak fast ifl 71 in_ifp reth0.10 Jan 15 15:24:05 15:24:05.089059:CID-1:RT: find flow: table 0x53f2ac0, hash 42465(0xffff), sa 0.0.0.0, da 255.255.255.255, sp 68, dp 67, proto 17, tok 7, conn-tag 0x00000000 Jan 15 15:24:05 15:24:05.089059:CID-1:RT:check self-traffic on reth0.10, in_tunnel 0x0 Jan 15 15:24:05 15:24:05.089059:CID-1:RT:retcode: 0xc02 Jan 15 15:24:05 15:24:05.089059:CID-1:RT:pak_for_self : proto 17, dst port 67, action 0x2 Jan 15 15:24:05 15:24:05.089059:CID-1:RT:insert usp tag for apps Jan 15 15:24:05 15:24:05.089059:CID-1:RT: flow bypass session. 
Jan 15 15:24:05 15:24:05.089059:CID-1:RT: ----- flow_process_pkt rc 0x0 (fp rc 0) Jan 15 15:25:30 15:25:30.635069:CID-1:RT:<0.0.0.0/68->255.255.255.255/67;17,0x0> matched filter pf2: Jan 15 15:25:30 15:25:30.635069:CID-1:RT:packet [328] ipid = 15783, @0x5ebf0d24 Jan 15 15:25:30 15:25:30.635069:CID-1:RT:---- flow_process_pkt: (thd 2): flow_ctxt type 15, common flag 0x0, mbuf 0x5ebf0b00, rtbl_idx = 0 Jan 15 15:25:30 15:25:30.635069:CID-1:RT: flow process pak fast ifl 71 in_ifp reth0.10 Jan 15 15:25:30 15:25:30.635069:CID-1:RT: find flow: table 0x53f2ac0, hash 42465(0xffff), sa 0.0.0.0, da 255.255.255.255, sp 68, dp 67, proto 17, tok 7, conn-tag 0x00000000 Jan 15 15:25:30 15:25:30.635069:CID-1:RT:check self-traffic on reth0.10, in_tunnel 0x0 Jan 15 15:25:30 15:25:30.635069:CID-1:RT:retcode: 0xc02 Jan 15 15:25:30 15:25:30.635069:CID-1:RT:pak_for_self : proto 17, dst port 67, action 0x2 Jan 15 15:25:30 15:25:30.635069:CID-1:RT:insert usp tag for apps Jan 15 15:25:30 15:25:30.635069:CID-1:RT: flow bypass session. Jan 15 15:25:30 15:25:30.635069:CID-1:RT: ----- flow_process_pkt rc 0x0 (fp rc 0) Jan 15 15:25:31 15:25:31.930980:CID-1:RT:<0.0.0.0/68->255.255.255.255/67;17,0x0> matched filter pf2: Jan 15 15:25:31 15:25:31.930980:CID-1:RT:packet [328] ipid = 15784, @0x5ec003a4 Jan 15 15:25:31 15:25:31.930980:CID-1:RT:---- flow_process_pkt: (thd 3): flow_ctxt type 15, common flag 0x0, mbuf 0x5ec00180, rtbl_idx = 0 Jan 15 15:25:31 15:25:31.930980:CID-1:RT: flow process pak fast ifl 71 in_ifp reth0.10 Jan 15 15:25:31 15:25:31.930980:CID-1:RT: find flow: table 0x53f2ac0, hash 42465(0xffff), sa 0.0.0.0, da 255.255.255.255, sp 68, dp 67, proto 17, tok 7, conn-tag 0x00000000
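Clearly, some DHCP traffic is reaching the SRX, but no reply returns to the end client. In the trace above, one entry for the broadcast to port 67 reports "Received pkt on non-active link of reth/vsd (reth0.10/1)", while the others show "pak_for_self : proto 17, dst port 67" followed by "flow bypass session". I checked tcpdump on the client's side and there are only DHCP requests, with no answers.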