Firewall Enterprise can use DHCP to obtain an IP address for the external interface, but I am afraid there is no built-in DHCP service on the Firewall.
We can act as a DHCP relay, so if you have a DHCP server in another network that is connected to the FW you can use that DHCP server to assign addresses in another network segment.
Thanks! And how can I configure DHCP forwarding to another interface (same network)? I mean, I have a DHCP server connected to interface 1 of the FW, and interface 2 is connected to a WiFi access point. How can I configure the FW DHCP relay so that a laptop gets an IP when it accesses the WiFi? Thanks!
You haven't said which version of the Firewall product you are running, but as you've indicated that your appliance is an S2008, I'm going to assume that it is version 8.
I've never had to do this myself before, but I have found a section of the manual is actually dedicated to this particular task - starting at page 390 in the v8.2.0 version of the product guide. It's only 3 pages-worth so it doesn't look as though it is terribly complex.
It seems to boil down to two basic steps:
- Go to Network -> DHCP Relay and create an entry to tell the Firewall where your DHCP server is located.
- Create Firewall rules for the "DHCP Relay" application/service, to allow the DHCP traffic to flow back and forth between the zone where the WiFi Access Point lives and the zone containing the DHCP server.
Thanks Phil!
I did as you advised (from the book), but it failed, and I don't know how to create a zone or interface (layer 3) and forward DHCP relay.
This is my configuration:
- Created interface 1, connected to the DHCP server, with zone local and IP 192.168.100.2/24 (DHCP server 192.168.100.1/24)
- Created interface 2, connected to the access point, with zone wifi and IP 192.168.111.1/24 (access point 192.168.111.2/24)
- Set DHCP Relay to 192.168.100.1
- Created rule 1: application DHCP Relay, source zone local, source any, destination zone wifi, destination any
- Created rule 2: application DHCP Relay, source zone wifi, source any, destination zone local, destination any
- Meanwhile, the DHCP server is configured with range 192.168.100.50 - 192.168.100.100, subnet /24, default route 192.168.100.2, DNS 22.214.171.124, etc.
So I am missing something, right? Please help. Thanks!
Another way: I thought about how to put interfaces 1 and 2 into a VLAN with a subnet, domain local, but I can't. Can you show me? Thanks.
You need to create 2 rules for DHCP Relay:
We need to create an IP Broadcast
Allow DHCP Request:
Application: DHCP Relay
Source Zone: Wifi Zone -- Endpoint (Any v4)
Destination Zone: DHCP Zone -- Endpoint (Broadcast IP)
Allow DHCP Response:
Application: DHCP Relay
Source Zone: DHCP Zone -- Endpoint (Broadcast IP)
Destination Zone: Wifi Zone -- Endpoint (Any v4)
Thanks galaxyus! Can you show me how to configure the different interfaces (1 DHCP server, 1 access point)? I haven't managed it well... huhuhu.
Thanks for your help!
You'll need to configure interfaces and zones. Interfaces are the physical elements (the ports on the appliance) whereas the rules are created between zones.
A zone is just a logical placeholder and (more often than not) is a one-to-one relationship - internal interface=internal zone, external interface=external zone. But a zone can contain multiple interfaces - hence the need to have an interface *and* a zone.
When the firewall is initially configured, the internal and external interfaces & zones are created for you. If the DHCP server is sitting on your main LAN then there shouldn't be any need to do anything more as it will be located on your internal zone (assuming you went with the default names).
To create a new zone go to the Network -> Zone Configuration screen, click the green "+" button and create a new zone (call it "WiFi", for example).
To configure a new interface go to the Network -> Interfaces screen, pick a vacant interface and double-click on it. Give the interface a logical name ("WiFi Network"), select your previously configured zone and edit the "primary" IP address field - entering your chosen address (192.168.111.1/24).
Repeat these two steps if you do want to put your DHCP server in a separate zone/interface and once you've done that you should be able to follow galaxyus' instructions for creating the necessary rules.
DHCP Server : 192.168.100.1 /24 --- GW ----> 192.168.100.2 (em1 on FW)
- On DHCP, create Client Pool: 172.16.10.0/24
- Create em2 on FW: 172.16.10.1 -- Client Zone
Create DHCP Relay Rule
- First rule will be from DHCP client zone to DHCP client zone
- Second one will be from DHCP server to Client zone where FW IP address of that zone should be in the destination
Hope this helps!
Message was edited by: galaxyus on 3/7/12 1:47:43 AM CST
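The relay step and the server's pool choice discussed in this thread, modelled as an added example (not code from any poster or from the Firewall Enterprise product). It assumes the relay follows standard RFC 1542/2131 behaviour; the function names and the DISCOVER packet are constructed for illustration, and the addresses are the ones quoted in the thread.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie
HOPS, GIADDR = 3, 10              # field indexes in the unpacked header

def build_discover(mac, xid):
    """Constructed sample: DHCPDISCOVER as a client broadcasts it (giaddr 0.0.0.0)."""
    z = bytes(4)
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, z, z, z, z,
                     mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, then END

def relay(packet, relay_if_ip, max_hops=16):
    """Relay-agent step: stamp giaddr with the receiving interface, bump hops."""
    fields = list(BOOTP.unpack_from(packet))
    if fields[0] != 1:
        raise ValueError("not a BOOTREQUEST")
    if fields[HOPS] >= max_hops:
        raise ValueError("hop limit reached, drop")
    fields[HOPS] += 1
    if fields[GIADDR] == bytes(4):  # only the first relay sets giaddr
        fields[GIADDR] = ipaddress.IPv4Address(relay_if_ip).packed
    return BOOTP.pack(*fields) + packet[BOOTP.size:]

def giaddr(packet):
    return str(ipaddress.IPv4Address(BOOTP.unpack_from(packet)[GIADDR]))

def hops(packet):
    return BOOTP.unpack_from(packet)[HOPS]

def select_pool(packet, pools):
    """Server side: a relayed request is served from the pool containing giaddr."""
    gw = ipaddress.IPv4Address(giaddr(packet))
    for pool in pools:
        if gw in ipaddress.ip_network(pool):
            return pool
    return None  # modelled as "no scope for that subnet, no offer"

if __name__ == "__main__":
    disc = build_discover(bytes.fromhex("020000000001"), 0x1234ABCD)
    for relay_ip, pools in [("192.168.111.1", ["192.168.100.0/24"]),
                            ("192.168.111.1", ["192.168.100.0/24", "192.168.111.0/24"]),
                            ("172.16.10.1", ["172.16.10.0/24"])]:
        fwd = relay(disc, relay_ip)
        print(relay_ip, "hops", hops(fwd), "->", select_pool(fwd, pools))
```

When checking a relay setup with a packet capture on the server side, the `giaddr` field of the forwarded request is the value to compare against the scopes defined on the DHCP server.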