DHCP

You can configure XG Firewall as a DHCP server to dynamically allocate unique IP addresses to clients in a network.

It also provides configuration details, such as the subnet mask, the default gateway, DNS servers, and WINS servers to clients.

You can configure XG Firewall as a DHCP relay agent to relay leased IP addresses to clients, such as endpoints, servers, and routers, on a different subnet from the DHCP server.

You can also view lease records.

DHCP server: As a DHCP server, XG Firewall assigns IP addresses to DHCP clients from the IP address range you specify. The server releases the IP addresses when the clients leave the network. Once an address is released, it's reused. You can also configure the server to assign static IP addresses mapped to clients' MAC addresses.

A DHCP server leases IP addresses directly to clients within the same network. To lease IP addresses to clients in other networks, you need to configure a DHCP relay agent.
Note You can only configure XG Firewall as the DHCP server if you deploy it in gateway mode or mixed mode.
  • To create a DHCP server, go to the Server section and click Add.

DHCP relay agent: You can configure XG Firewall as a DHCP relay agent. It then forwards DHCP requests from clients to DHCP servers in subnets other than the client subnet. It also forwards the leased IP address from servers to DHCP clients.

If you're using an external DHCP server instead of configuring it on XG Firewall, you must configure the server to route the DHCP packets through the relay agent's interface.

Caution Do not create a DHCP relay agent on the interface used by the DHCP server. The agent won't forward clients' requests, including clients in a network other than the DHCP server's.

You can also configure agents to relay DHCP packets through IPsec VPN tunnels.

  • To create a DHCP relay, go to the Relay section and click Add.

DHCP client: DHCP clients are hosts, such as endpoints, servers, and routers, that receive dynamic IP addresses from the DHCP server. Clients request an IP address. You must configure the clients to get IP addresses using DHCP.

Use cases

You can configure the DHCP server and relay agents as follows:
  • Head office: Configure the DHCP server on an XG Firewall device installed at the head office. To lease IP addresses to clients in the head office, you can also configure a DHCP relay agent on XG Firewall.

    Example: Assign a WAN interface to the DHCP server, and assign LAN or alias interfaces to the relay agent configurations on XG Firewall if you're allocating IPv4 addresses. For IPv6 addresses, you can only configure XG Firewall as a DHCP server or a relay agent.

    Alternatively, configure a third-party server, such as a Windows Server, within your network and create the corresponding firewall rules to allow DHCP traffic between the server and the remote gateway.

  • Branch office: Configure XG Firewall or routers at the branch office as DHCP relay agents to forward DHCP client and server requests. The DHCP server is at the head office.
  • IPsec tunnels: You can configure site-to-site IPsec tunnels for DHCP traffic between the relay agent and the DHCP server.

Configure XG Firewall as a DHCP server for multiple networks

You can enable XG Firewall to act as a DHCP server and lease IP addresses to clients in other networks.

On XG Firewall, do as follows:

  1. Specify the interface to use on the firewall and select the check box to accept client request for relay.
  2. Specify the router's IP address as the gateway in the DHCP server configuration.
  3. Specify the IP range and subnet mask of the client network.

On each router, do as follows:

  1. Configure a DHCP relay agent for the required networks.
  2. Specify the local interface.
  3. Specify the DHCP server's IP address.