9 Replies Latest reply on Mar 7, 2012 3:34 AM by galaxyus

    Why can't I config. Firewall Enterprise s2008 as a DHCP server?

      Hi everyone.

      I can'' config firewall s2008 as a DHCP server. It's a critical ploblem because of having no DHCP server on my LAN.

      How to solve this problem?

      Pls. help me !!!

        • 1. Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?
          PhilM

          Firewall Enterprise can use DHCP to obtain an IP address for the external interface, but I am afraid there is no built-in DHCP service on the Firewall.

           

          Sorry.

           

          -Phil.

          • 2. Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

            We can act as a DHCP relay, so if you have a DHCP server in another network that is connected to the FW you can use that DHCP server to assign addresses in another network segment.

            1 of 1 people found this helpful
            • 3. Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

              Thanks ! and how can i configure a DHCP forward to another interface (same network). It mean , I have a DHCP server connected to interface 1 of FW and interface 2 connected with a Access Point Wifi.  how can i configure FW HDCP relay for laptop  get ip when access wifi ...thanks !

              • 4. Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?
                PhilM

                You haven't said which version of the Firewall product you are running, but as you've indicated that your appliance is an S2008, I'm going to assume that it is version 8.

                 

                I've never had to do this myself before, but I have found a section of the manual is actually dedicated to this particular task - starting at page 390 in the v8.2.0 version of the product guide. It's only 3 pages-worth so it doesn't look as though it is terribly complex.

                 

                It seems to boil down to basic two steps:-

                 

                1. Go to Network -> DHCP Relay and create an entry to tell the Firewall where your DHCP server is located.
                2. Create a Firewall rules for the "DHCP Relay" application/service, to allow the DHCP traffic to flow back and forth between the zone where the WiFi Access Point lives and the zone containing the DHCP server.

                 

                -Phil.

                • 5. Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

                  Thanks Phil !

                     I had to do like your advice (in book) ! but fail and i don't know how to create zone or interface ( layer 3) and forward dhcp relay,

                  This is my configure:

                  create interface 1 connect to DHCP Server with zone local and ip 192.168.100.2/24 (DHCP Server 192.168.100.1/24)

                  create interface 2 connect to Access Point with zone wifi and ip 192.168.111.1/24 ( Access Point 192.168.111.2/24)

                  set DHCP Relay is 192.168.100.1

                  create rule 1 application DHCP Relay, Source zone local, source any, Des zone wifi, des any

                  create rule 2 application DHCP Relay, Source zone wifi, source any, Des zone local, des any

                  while configure DHCP server range 192.168.100.50 - 192.168.100.100 subnet /24, default route 192.168.100.2, dns 8.8.8.8 ...ect...

                   

                  so I miss something right ! please help .....thanks !

                  another way ! i thought how to create interface 1 and 2 into a vlan with a subnet domain local ???? but i can't ...can u show me ! thanks

                   

                  Thanks!

                  • 6. Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?
                    galaxyus

                    You need to create 2 rules for DHCP Relay:

                    We need great e IP Broadcast

                    Allow DHCP Request:

                    Application: DHCP Relay

                    Source Zone: Wifi Zone -- Enpoint (Any v4)

                    Destenation Zone: DHCP Zone -- Enpoint ( Broadcast IP)

                    Allow DHCP Response

                    Application: DHCP Relay

                    Source Zone: DHCP Zone -- Enpoint ( Broadcast IP)

                    Destenation Zone: Wifi Zone  -- Enpoint (Any v4)

                     

                    DHCP Relay.png

                     

                    Gala.

                    • 7. Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?

                      Thanks galaxyus ! Can u show me how configure different interface (1 HDCP Server , 1 Access Point). I'm not done well ...huhuhu ..

                      thanks for your help !

                      • 8. Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?
                        PhilM

                        You'll need to cconfigure interfaces and zones. Interfaces are the physical elements (the ports on the appliance) whereas the rules are created between zones.

                         

                        A zone is just a logical placeholder and (more often than not) is a one-to-one relationship - internal interface=internal zone, external interface=external zone. But a zone can contain multiple interfaces - hence the need to have an interface *and* and zone.

                         

                        When the firewall is initially configured, the internal and external interfaces & zones are created for you. If the DHCP server is sitting on your main LAN then there shoudn't be any need to do anything more as it will be located on your internal zone (assuming you went with the default names).

                         

                        To create a new zone go to the Network -> Zone Configuration screen, click the green "+" button and create a new zone (call it "WiFi", for example).

                         

                        To configure a new interface go to the Network -> Interfaces screen, pick a vacant interface and double-click on it. Give the interface a logical name ("WiFi Network"), select your previously configured zone and edit the "primary" IP address field - entering your chosen address (192.168.111.1/24).

                         

                        Repeat these two steps if you do want to put your DHCP server in a separate zone/interface and once you've done that you should be able to follow galaxyus' instructions for creating the necessary rules.

                         

                        -Phil.

                        • 9. Re: Why can't I config. Firewall Enterprise s2008 as a DHCP server?
                          galaxyus

                          Hi,

                           

                          DHCP Server : 192.168.100.1 /24 --- GW ----> 192.168.100.2 (em1 on FW)

                          - On DHCP greate Client Pool: 172.16.10.0/24

                          - Greate em2 on fw :172.16.10.1 -- Client Zone

                           

                          Greate DHCP Relay Rule

                          - First rule will be from DHCP client zone to DHCP client zone

                          - Second one will be from DHCP server to Client zone where FW IP address of that zone should be in the destination

                           

                          Hope this help!

                           

                          Gala.

                           

                          Message was edited by: galaxyus on 3/7/12 1:47:43 AM CST

                           

                          Message was edited by: galaxyus on 3/7/12 3:34:04 AM CST