Message 1 of 10

Why can't I config. Firewall Enterprise s2008 as a DHCP server?

Hi everyone.

I can't config firewall s2008 as a DHCP server. It's a critical problem because of having no DHCP server on my LAN.

How to solve this problem?

Pls. help me !!!

9 Replies
Message 2 of 10

Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

Firewall Enterprise can use DHCP to obtain an IP address for the external interface, but I am afraid there is no built-in DHCP service on the Firewall.

Sorry.

-Phil.

Message 3 of 10

Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

We can act as a DHCP relay, so if you have a DHCP server in another network that is connected to the FW you can use that DHCP server to assign addresses in another network segment.

Message 4 of 10

Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

Thanks! And how can I configure DHCP forwarding to another interface (same network)? I mean, I have a DHCP server connected to interface 1 of the FW, and interface 2 is connected to a WiFi access point. How can I configure the FW DHCP relay so that a laptop gets an IP when it accesses the WiFi? Thanks!

Message 5 of 10

Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

You haven't said which version of the Firewall product you are running, but as you've indicated that your appliance is an S2008, I'm going to assume that it is version 8.

I've never had to do this myself before, but I have found a section of the manual is actually dedicated to this particular task - starting at page 390 in the v8.2.0 version of the product guide. It's only 3 pages-worth so it doesn't look as though it is terribly complex.

It seems to boil down to two basic steps:

  1. Go to Network -> DHCP Relay and create an entry to tell the Firewall where your DHCP server is located.
  2. Create Firewall rules for the "DHCP Relay" application/service, to allow the DHCP traffic to flow back and forth between the zone where the WiFi Access Point lives and the zone containing the DHCP server.

-Phil.

Message 6 of 10

Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

Thanks Phil !

I did as you advised (from the book), but it failed, and I don't know how to create a zone or interface (layer 3) and forward DHCP relay.

This is my configuration:

Create interface 1, connected to the DHCP server, with zone local and IP 192.168.100.2/24 (DHCP server 192.168.100.1/24).

Create interface 2, connected to the access point, with zone wifi and IP 192.168.111.1/24 (access point 192.168.111.2/24).

Set DHCP Relay to 192.168.100.1.

Create rule 1: application DHCP Relay, source zone local, source any, destination zone wifi, destination any.

Create rule 2: application DHCP Relay, source zone wifi, source any, destination zone local, destination any.

The DHCP server is configured with range 192.168.100.50 - 192.168.100.100, subnet /24, default route 192.168.100.2, DNS 8.8.8.8, etc.

So I am missing something, right? Please help. Thanks!

Another way: I thought about how to put interfaces 1 and 2 into a VLAN with a subnet, domain local, but I can't. Can you show me? Thanks.

Thanks!

Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

You need to create 2 rules for DHCP Relay:

We need to create an IP Broadcast

Allow DHCP Request:

Application: DHCP Relay

Source Zone: Wifi Zone -- Endpoint (Any v4)

Destination Zone: DHCP Zone -- Endpoint (Broadcast IP)

Allow DHCP Response:

Application: DHCP Relay

Source Zone: DHCP Zone -- Endpoint (Broadcast IP)

Destination Zone: Wifi Zone -- Endpoint (Any v4)

DHCP Relay.png

Gala.

Message 8 of 10

Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

Thanks galaxyus! Can you show me how to configure the different interfaces (1 DHCP server, 1 access point)? I haven't done it well ...huhuhu ..

thanks for your help !

Message 9 of 10

Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

You'll need to configure interfaces and zones. Interfaces are the physical elements (the ports on the appliance) whereas the rules are created between zones.

A zone is just a logical placeholder and (more often than not) is a one-to-one relationship - internal interface=internal zone, external interface=external zone. But a zone can contain multiple interfaces - hence the need to have an interface *and* a zone.

When the firewall is initially configured, the internal and external interfaces & zones are created for you. If the DHCP server is sitting on your main LAN then there shouldn't be any need to do anything more as it will be located on your internal zone (assuming you went with the default names).

To create a new zone go to the Network -> Zone Configuration screen, click the green "+" button and create a new zone (call it "WiFi", for example).

To configure a new interface go to the Network -> Interfaces screen, pick a vacant interface and double-click on it. Give the interface a logical name ("WiFi Network"), select your previously configured zone and edit the "primary" IP address field - entering your chosen address (192.168.111.1/24).

Repeat these two steps if you do want to put your DHCP server in a separate zone/interface and once you've done that you should be able to follow galaxyus' instructions for creating the necessary rules.

-Phil.

Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

Hi,

DHCP Server : 192.168.100.1 /24 --- GW ----> 192.168.100.2 (em1 on FW)

- On the DHCP server, create a client pool: 172.16.10.0/24

- Create em2 on the FW: 172.16.10.1 -- Client Zone

Create the DHCP Relay rules:

- First rule will be from DHCP client zone to DHCP client zone

- Second one will be from DHCP server to Client zone where FW IP address of that zone should be in the destination

Hope this helps!

Gala.

Message was edited by: galaxyus on 3/7/12 1:47:43 AM CST

Message was edited by: galaxyus on 3/7/12 3:34:04 AM CST
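
An added example (not from the thread or the product documentation): a sketch of what a relay agent changes in a client's DHCPDISCOVER and how a DHCP server then picks a pool from the relay's `giaddr` field (RFC 2131 behaviour), run with the interface and pool addresses posted above. The MAC, transaction ID and the 192.168.111.0/24 scope are constructed for illustration, and the scope matching is a generic model, not any particular DHCP server product.

```python
import ipaddress
import struct

GIADDR_OFF = 24  # BOOTP header: op,htype,hlen,hops,xid,secs,flags,ciaddr,yiaddr,siaddr, then giaddr

def build_discover(mac, xid=0x1234ABCD):
    """Constructed client DHCPDISCOVER: broadcast flag set, giaddr all zeros."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, xid, 0, 0x8000,
                         bytes(4), bytes(4), bytes(4), bytes(4),
                         mac, bytes(64), bytes(128))
    # magic cookie, option 53 (message type) = 1 (DISCOVER), end option
    return header + b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"

def relay(packet, relay_if_ip):
    """Relay-agent step: bump hops and, if giaddr is still zero, stamp the receiving interface's IP."""
    out = bytearray(packet)
    out[3] += 1
    if out[GIADDR_OFF:GIADDR_OFF + 4] == bytes(4):
        out[GIADDR_OFF:GIADDR_OFF + 4] = ipaddress.IPv4Address(relay_if_ip).packed
    return bytes(out)

def select_scope(packet, server_if, scopes):
    """Server-side pool choice: by giaddr when relayed, else by the server's own interface subnet."""
    giaddr = ipaddress.IPv4Address(packet[GIADDR_OFF:GIADDR_OFF + 4])
    if giaddr == ipaddress.IPv4Address("0.0.0.0"):
        giaddr = ipaddress.ip_interface(server_if).ip
    for scope in scopes:
        if giaddr in ipaddress.ip_network(scope):
            return scope
    return None  # no pool covers the relay's subnet, so no offer is made

SERVER_IF = "192.168.100.1/24"                           # DHCP server address from the thread
DISCOVER = build_discover(bytes.fromhex("020000000001"))  # constructed MAC

def demo():
    wifi = relay(DISCOVER, "192.168.111.1")  # firewall interface facing the access point
    em2 = relay(DISCOVER, "172.16.10.1")     # firewall em2 in the Client Zone
    return {
        "wifi relay, only 192.168.100.0/24 pool": select_scope(wifi, SERVER_IF, ["192.168.100.0/24"]),
        "wifi relay, 192.168.111.0/24 pool added": select_scope(wifi, SERVER_IF, ["192.168.100.0/24", "192.168.111.0/24"]),
        "em2 relay, 172.16.10.0/24 pool": select_scope(em2, SERVER_IF, ["192.168.100.0/24", "172.16.10.0/24"]),
    }

if __name__ == "__main__":
    for case, scope in demo().items():
        print(f"{case}: {scope}")
```

A relayed request is only answered when the server holds a pool for the subnet of the firewall interface that received the client broadcast, in addition to the relay rules being in place.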