DHCP Configuration

The DHCP (Dynamic Host Configuration Protocol) service enables you to automate the process of assigning network settings to clients in the local network. In a network with a DHCP server, each network device can be dynamically assigned an IP address, gateway address, and DNS.

NGFW can also function as a DHCP relay by forwarding DHCP requests from clients located in different networks to a central DHCP server. For more details on configuring DHCP relay, see the Network Interface Configuration section.

In NGFW, you can create several IP address ranges to be assigned by DHCP. DHCP runs independently on each HA cluster node. To ensure the high availability of the DHCP service in a cluster, DHCP should be configured on both nodes with non-overlapping IP address ranges.

To add a DHCP range, click Add and provide these settings:

Name

Description

Enabled

Enables or disables the use of this DHCP range.

Node

The cluster node on which the range is being created.

Interface

Interface of the server which will assign IP addresses from the range being created.

IP range

The IP address range assigned to DHCP clients.

Mask

The subnet mask assigned to DHCP clients.

Lease time

The duration in seconds for which IP addresses are assigned.

Domain

The domain name assigned to DHCP clients.

Gateway

The gateway IP address assigned to DHCP clients.

Name servers

The DNS server IP addresses assigned to DHCP clients.

Reserved hosts

The MAC addresses and the associated IP addresses.

Ignored MAC

List of MAC addresses ignored by the DHCP server.

DHCP PXE boot

The server address and boot file name returned in response to a PXE boot request.

DHCP options

Option number and value. For the list of available options, see DHCP Options.

The assigned IP addresses are displayed in the Addresses pane. The administrator can release any leased IP address by selecting it and clicking Release.

Note For DHCP address leasing to work on an interface that resides in a zone with IP spoofing protection enabled, go to the IP spoofing protection tab and specify the IP lease ranges in the zone properties as well as the 0.0.0.0 address.