Enable DHCP relay

You must select which interfaces perform DHCP relay. Activate the relay on the interface toward the DHCP clients.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click an NGFW Engine, then select Edit <element type>.
  2. Browse to Interfaces.
  3. Right-click a physical, VLAN, or Port Group interface, then select Edit <interface type>.
    • When configuring VLAN interfaces, set the DHCP relay separately for each VLAN.
    • When configuring Port Group interfaces, set the DHCP relay separately for each Port Group.
  4. Enable IPv4 DHCP relay, IPv6 DHCP relay, or both.
    • On the DHCPv4 tab, select DHCPv4 Relay from the DHCP Mode drop-down list.
    • On the DHCPv6 tab, select DHCPv6 Relay from the DHCP Mode drop-down list.
  5. On each tab where you enabled DHCP relay, select the DHCP server from the list of servers on the left, then click Add.
  6. (Optional) From the DHCP Relay drop-down list, select the CVI or IP address that you want to use for DHCP Relay.
  7. Click OK.
  8. (Optional) Allow connections from interfaces on which DHCP relay is active to remote DHCP servers using automatic rules.
    1. Browse to Policies > Automatic Rules.
    2. Next to Allow Connections from Local DHCP Relay to Remote DHCP Server, select Yes.
    Note: To relay DHCP messages through a policy-based VPN, you must add specific Access rules to allow the traffic. The Access rules must refer to the correct policy-based VPN.
  9. Click Save to save and validate changes.

Engine Editor > Policies > Automatic Rules

Use this branch to view a summary of currently used Automatic rules and change general settings for Automatic rules.

Option: Definition

To Firewall section (Firewall/VPN role only)

Allow Traffic to Authentication Ports: When Yes is selected, allows traffic to the ports that are used for user authentication.

Allow Traffic from Listening IP Addresses to DNS Relay Port: When Yes is selected, allows traffic from clients in the internal network to the standard DNS ports (53/TCP and 53/UDP) on the interfaces that are selected as listening interfaces for DNS relay.

From Firewall section (Firewall/VPN role only)

Allow Connections to Domain-Specific DNS Servers: When Yes is selected, allows connections from the firewall to the domain-specific DNS servers specified in the DNS Relay Profile element that is selected for the firewall.

Allow Connections from Local DHCP Relay to Remote DHCP Server: When Yes is selected, allows connections from interfaces on which DHCP relay is active to remote DHCP servers.
Note: To relay DHCP messages through a policy-based VPN, you must add specific Access rules to allow the traffic. The Access rules must refer to the correct policy-based VPN.

Log Level for Automatic Rules: The log level for traffic that matches automatic rules.
  • None — Does not create any log entry.
  • Alert — Triggers an alert entry.
  • Essential — Creates a log entry that is shown in the Logs view and saved for further use.
  • Stored — Creates a log entry that is stored on the Log Server.
  • Transient — Creates a log entry that is displayed in the Current Events mode in the Logs view (if someone is viewing it) but is not stored.

Alert: When the Log Level is set to Alert, specifies the Alert that is sent.

Reset to Default Settings: Returns Automatic Rule changes to the default settings.