Add a DHCPv4 server

You can configure Sophos Firewall as a DHCP server to dynamically provide IP addresses and network parameters to clients in a network.

You can also configure the server to assign static IP addresses mapped to clients' MAC addresses.

  1. Go to Network > DHCP.
  2. Under Server, click Add.
  3. Enter a name.
  4. Specify the settings.

    Setting Description
    Interface

    Interface to use for the DHCP server. The firewall listens for DHCP queries on this interface. Don't specify this interface as the DHCP relay interface for any relay agent.

    To respond to clients within the server's subnet, select an interface that belongs to the clients' subnet.

    To respond to relay agents for clients in other subnets, you must create as many server configurations as there are subnets to respond to because network parameters, such as the default gateway, differ for each subnet. You can use a single server interface to respond to requests from relay agents.

    Accept client request via relay

    Accepts DHCP requests through a DHCP relay agent from clients belonging to a subnet that's different from the server's.

    Dynamic IP lease

    Ranges from which the DHCP server allocates IP addresses to clients.

    • DHCP clients in the server's subnet: The range must belong to the same subnet as the interface.
    • DHCP clients in a different subnet: When you configure DHCP relay, the relay agent's interface must belong to the clients' subnet.

    Static IP MAC mapping

    MAC address-to-IP address mappings. When you specify these settings, Sophos Firewall assigns the IP address mapped to the host's MAC address. You can use this for servers and network devices that require a static IP address.

    If you bind a MAC address in more than one DHCP server configuration, make sure you run the following commands on the CLI to ensure the client gets the correct DHCP information:

    system dhcp conf-generation-method new

    system dhcp static-entry-scope global

    Subnet mask

    Subnet mask of the clients' network.

    Domain name

    DNS suffix (example: company.com or test.local) to add to the DHCP client's network adapter. The suffix is appended to hostnames, forming an FQDN, to resolve the client's DNS queries.

    Gateway

    Default gateway IP address for the clients' network. The gateway IP address and the IP address lease range must be in the same subnet.

    Select Use interface IP as gateway if you want to set the interface IP address as the gateway for clients. You can do this when the server leases IP addresses to clients within its subnet.

    For wireless access points and RED devices, the default gateway must be within the same subnet as the interface to which they're connected.

    Default lease time

    Time for IP address lease (in minutes) to clients.

    Max lease time

    Maximum lease time (in minutes). The client must send a new request to the DHCP server when the specified time expires.

    Conflict detection

    Select conflict detection to check if the IP address is in use before leasing.

  5. Specify the DNS servers you want the clients to contact. To specify Sophos Firewall as the primary and secondary DNS server, select Use device's DNS settings. Alternatively, you can enter the IP addresses of DNS servers you want the clients to contact.

  6. Specify the WINS servers you want the clients to contact.
  7. Specify the boot options to direct PXE clients to the server hosting a file with boot options.

    Setting Description
    Next-server

    The IP address of the server with the boot file.

    Boot file

    The full path and name of the boot file that clients must load from next-server.

  8. Specify the DHCP options.

    • Predefined options: You can select from a list of predefined DHCP options and their default values. See Appendix A – DHCP Options (RFC 2132).
    • Custom options: Allows you to set custom or vendor-specific DHCP options using the following settings:

      Setting Description
      Code

      The DHCP option code. See DHCP options.

      Type

      The type of data in the Value field. For example, boolean, string, IP address, and so on.

      Value

      Your custom or vendor-specific data.

  9. Click Save.
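
The subnet rules in the settings above (lease range in the interface's subnet for local clients, gateway in the same subnet as the lease range) and the case of a MAC address bound in more than one server configuration can be checked on a planned configuration before you enter it. The following Python script is an added example, not Sophos code: the dictionary layout, field names, and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def check_server(cfg):
    """Return rule violations for one planned DHCP server configuration."""
    problems = []
    iface = ipaddress.ip_interface(cfg["interface"])
    start, end = (ipaddress.ip_address(a) for a in cfg["range"])
    # Clients' network, derived from the range start and the subnet mask.
    net = ipaddress.ip_network(f"{start}/{cfg['subnet_mask']}", strict=False)
    if start > end or end not in net:
        problems.append("lease range does not fit in one subnet")
    # Clients in the server's subnet: range must be in the interface's subnet.
    if not cfg["via_relay"] and net != iface.network:
        problems.append("lease range is outside the interface subnet")
    # gateway None models the "Use interface IP as gateway" checkbox.
    gw = iface.ip if cfg["gateway"] is None else ipaddress.ip_address(cfg["gateway"])
    if gw not in net:
        problems.append("gateway and lease range are in different subnets")
    return problems

def macs_bound_in_multiple_servers(configs):
    """Map each MAC bound in more than one configuration to those configurations."""
    seen = defaultdict(set)
    for cfg in configs:
        for mac in cfg["static"]:
            seen[mac.lower()].add(cfg["name"])
    return {mac: sorted(names) for mac, names in seen.items() if len(names) > 1}

# Constructed sample plans (hypothetical names and addresses, not from the page).
PLANS = [
    {"name": "lan", "interface": "192.168.10.1/24", "via_relay": False,
     "range": ("192.168.10.50", "192.168.10.150"), "subnet_mask": "255.255.255.0",
     "gateway": None, "static": {"00:11:22:AA:BB:01": "192.168.10.10"}},
    {"name": "branch", "interface": "192.168.10.1/24", "via_relay": True,
     "range": ("10.20.0.50", "10.20.0.200"), "subnet_mask": "255.255.255.0",
     "gateway": "10.20.0.1", "static": {"00:11:22:aa:bb:01": "10.20.0.10"}},
    {"name": "bad", "interface": "192.168.10.1/24", "via_relay": False,
     "range": ("192.168.20.50", "192.168.20.99"), "subnet_mask": "255.255.255.0",
     "gateway": "192.168.30.1", "static": {}},
]

if __name__ == "__main__":
    for plan in PLANS:
        print(plan["name"], check_server(plan) or "ok")
    for mac, names in macs_bound_in_multiple_servers(PLANS).items():
        print(f"{mac} is bound in {names}: set static-entry-scope to global")
```

A MAC address reported by the second function is the situation in which the two `system dhcp` CLI commands listed under Static IP MAC mapping apply.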