Netscreen 5GT cannot receive dynamic IP from ISP

Hi I have just replaced a working but old soho router with a new 5GT (ScreenOs 5.0) and I am having troubles to connect internet.

New 5GT was configured using setup wizard, everything is kept default. Trust uses NAT. trust port ip is 192.168.1.1/24. Trust acts as DHCP server to trust PCs. Untrust port receives IP from DHCP and acts as DHCP client. Trust and untrust ports are in trustvr. Policies untouched, by default trust to untrust everything is open.

Old soho router was sucessfully receiving it's dynamic IP and also DNS server IP from the ISP and was able to distribute 192.68.1.x network addresses and DNS server address to PC's in trust network. It was working fine.

But with 5GT it does not. Connections in trust network are OK. PC's are getting their IP's from 5GT is OK (except the DNS server address) Then DNS resolution fails. If I set the DNS server address manualy they are able to resolve web names but still can't receive web pages.

5GT reports: DHCP client is unable to get IP address for interface untrust

Has anybody an idea what I am missing?

This is the "get config" set clock timezone 0 set vrouter trust-vr sharable set vrouter "trust-vr" auto-route-export set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth default auth server "Local" set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "trust-vr" set zone "VLAN" vrouter "trust-vr" set zone "Trust" tcp-rst set zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block set zone "VLAN" block set zone "VLAN" tcp-rst set zone "Untrust" screen tear-drop set zone "Untrust" screen syn-flood set zone "Untrust" screen ping-death set zone "Untrust" screen ip-filter-src set zone "Untrust" screen land set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land set interface "trust" zone "Trust" set interface "untrust" zone "Untrust" unset interface vlan1 ip set interface trust ip 192.168.1.1/24 set interface trust nat unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface trust ip manageable set interface trust dhcp server service set interface trust dhcp server auto set interface trust dhcp server option lease 7200 set interface trust dhcp server option gateway 192.168.1.1 set interface trust dhcp server option netmask 255.255.255.0 set interface trust dhcp server ip 192.168.1.50 to 192.168.1.100 set interface untrust dhcp-client enable set flow tcp-mss set hostname ns5gt set ike respond-bad-spi 1 set pki authority default scep mode "auto" set pki x509 default cert-path partial set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit set global-pro policy-manager primary outgoing-interface untrust set global-pro policy-manager secondary outgoing-interface untrust set ssh version v2 set config lock timeout 5 set vrouter "untrust-vr" exit set vrouter "trust-vr" set preference ebgp 250 set preference ibgp 40 unset add-default-route exit