Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Configure DHCP boot options

When you use Sophos Firewall as a DHCP server, you can configure it to distribute boot configuration information to DHCP clients.

Introduction

DHCP options provide configuration information to DHCP clients. The options carry configuration parameters and other control information as tagged data items in the options field of a DHCP message. The data items represent the options specified by the vendor of the DHCP client.

Sophos Firewall supports all the specified DHCP options (1 to 255). For a complete list of the options, see DHCP options. Sophos Firewall supports the following standards:

  • RFC 2131: DHCP options and BOOTP vendor extensions
  • RFC 2132: Dynamic Host Configuration Protocol

Overview

This example shows how to configure Sophos Firewall to distribute boot information to DHCP clients. This provides PXE clients with a TFTP server IP address and gives those clients the path to the file containing boot information. Here is the network information:

  • Sophos Firewall DHCP server interface: 192.168.10.1
  • TFTP server: 192.168.10.3
  • Boot file location: boot.ipxe
  • DHCP clients: 192.168.10.55 to 192.168.10.254

Network schema.

Configure the DHCP server

Configure Sophos Firewall as the DHCP server, specifying the IP addresses you want to lease to the DHCP clients, DNS settings, and boot options. Do the following:

Note

For settings not mentioned, use the default values.

  1. Go to Network > DHCP > Server.
  2. Click Add.
  3. For General Settings, enter the following:

    Setting Value
    Name DHCP_boot_options
    Interface Port2 - 192.168.10.1
    Dynamic IP lease Start IP: 192.168.10.55
    End IP: 192.168.10.254

    Here's an example:

    Configure DHCP server.

  4. For DNS server, select Use device's DNS settings.

  5. For Boot options, enter the following:

    Setting Value
    Next-server 192.168.10.3
    Boot file boot.ipxe

    Here's an example:

    Boot options.

    Note

    In 20.0 and earlier versions, these settings configure DHCP options 66 and 67. In 20.0 MR1 and later versions, these settings configure the boot server and file as a separate DHCP header. You can configure DHCP options 66 and 67 in DHCP Options.

    When you migrate to 20.0 MR1 and later versions, Next-server and Boot file configuration is retained as both Boot options and DHCP options 66 and 67.

  6. Click Save.

DHCP clients now receive TFTP server and boot file information as part of the DHCP configuration from Sophos Firewall. PXE clients can use this information to locate the TFTP server and download the boot file.

More information