Activate the internal DHCP server on a firewall interface

You can use the internal DHCP server in a Single Firewall or Firewall Cluster to assign IPv4 addresses to hosts in the protected network.

This solution is meant for small installations. It might be more practical to assign the IP addresses using the firewall rather than relay the DHCP requests from a separately maintained local DHCP server or from some other site’s DHCP server through a VPN.

The internal DHCP server can be set up independently on several Physical Interfaces, VLAN Interfaces, and Port Group Interfaces of an integrated Switch. When VLAN or Port Group Interfaces are configured, the DHCP server must be set up separately for each VLAN or Port Group. Only IPv4 addresses are supported. To use this feature, the Firewall interface must have at least one IPv4 address.

Note: You can use the internal DHCP server to provide IP addresses to the VPN client Virtual Adapter only if you use Single Firewalls as VPN gateways.

Steps

  1. Right-click a Single Firewall or Firewall Cluster element, then select Edit <element type>.
  2. In the navigation pane on the left, select Interfaces.
  3. Right-click a Physical Interface, VLAN Interface, SSID Interface, or Port Group Interface and select Edit Physical Interface, Edit VLAN Interface, Edit SSID Interface, or Edit Port Group Interface.
    The properties dialog box for the interface opens.
  4. On the DHCP tab, select DHCP Server from the DHCP Mode drop-down list.
  5. In the DHCP Address Range settings, define the IP addresses that the Firewall assigns to clients in one of the following ways:
    • Click Select, then select an Address Range element.
    • Click Address, then enter a single IP address or an IP address range.
    Note: The DHCP address range must be in the same network space defined for the Physical Interface. The DHCP address range must not contain the Firewall’s NDI or CVI addresses or broadcast IP addresses of networks behind the Firewall. On Firewall Clusters, the DHCP address range is automatically divided between the nodes.
  6. (Optional) In the Primary DNS Server and Secondary DNS Server fields, enter the IP addresses of the external DNS servers that clients use to resolve domain names.
    If there is a listening IP address for DNS Relay on the same interface, clients use the DNS services provided by the firewall by default. If you want clients to use a different external DNS server, enter the IP address of the external DNS server in the Primary DNS Server field.
  7. (Optional) In the Primary WINS Server and Secondary WINS Server fields, enter the IP addresses of the WINS servers that clients use to resolve NetBIOS computer names.
  8. In the Default Gateway field, enter the IP address of the gateway through which traffic from clients is routed.
  9. (Optional) In the Default Lease Time field, enter the length of time after which IP addresses assigned to clients must be renewed.
  10. (Optional) To configure DNS search suffixes, enter a comma-separated list of domain names in the Domain Name Search List field.
  11. (Optional, clusters only) Select Override DHCP Ranges per Node, then enter the IP address range for each node in the DHCP Address Range field.
    CAUTION:
    Enter unique ranges for each node. Overlapping ranges can cause IP address duplication.
  12. Click Save and Refresh to transfer the new configuration to the engines.
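
The following is an added example, not part of the product or its documentation: a stand-alone Python check that applies the address-range rules from the note in step 5 and the caution in step 11 to a planned configuration before you enter it. The function names are hypothetical, all addresses are constructed sample values, and the script does not talk to the firewall or the management server.

```python
# Added example: pre-flight check of a planned DHCP address range.
# Function names are hypothetical; all addresses are constructed samples.
import ipaddress as ip


def parse_range(text):
    """Parse 'first-last' or a single address into (first, last)."""
    first, _, last = text.partition("-")
    lo = ip.IPv4Address(first.strip())
    hi = ip.IPv4Address(last.strip()) if last else lo
    if hi < lo:
        raise ValueError(f"range end precedes start: {text}")
    return lo, hi


def check_dhcp_plan(interface_net, firewall_addrs, ranges, behind_nets=()):
    """Return a list of problems; an empty list means the plan passes.

    interface_net  -- network defined for the interface, e.g. '192.0.2.0/24'
    firewall_addrs -- the Firewall's NDI and CVI addresses
    ranges         -- one DHCP range, or one range per node on a cluster
    behind_nets    -- networks behind the Firewall (broadcasts are checked)
    """
    net = ip.IPv4Network(interface_net)
    parsed = [parse_range(r) for r in ranges]
    reserved = {ip.IPv4Address(a): "firewall NDI/CVI address"
                for a in firewall_addrs}
    for n in (net, *map(ip.IPv4Network, behind_nets)):
        reserved[n.broadcast_address] = f"broadcast address of {n}"
    problems = []
    for text, (lo, hi) in zip(ranges, parsed):
        if lo not in net or hi not in net:
            problems.append(f"{text}: outside interface network {net}")
        for addr, what in reserved.items():
            if lo <= addr <= hi:
                problems.append(f"{text}: contains {what} {addr}")
    # Per-node ranges must be unique: sort by start, compare neighbours.
    order = sorted(zip(parsed, ranges))
    for ((_, hi_a), a), ((lo_b, _), b) in zip(order, order[1:]):
        if lo_b <= hi_a:
            problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    # Constructed two-node cluster plan with a deliberate overlap.
    for p in check_dhcp_plan("192.0.2.0/24", ["192.0.2.1"],
                             ["192.0.2.100-192.0.2.160",
                              "192.0.2.150-192.0.2.199"]):
        print("PROBLEM:", p)
```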