Configure a DHCP server on the Windows server or on the Infoblox server

Table of Contents

Where Can I Use This?	What Do I Need?
NGFW (managed by Panorama)	GlobalProtect Subscription License PAN-OS 11.2 (or a later PAN-OS version) GlobalProtect app 6.0.8, 6.2.1 or later versions GlobalProtect endpoints running on Windows, macOS, Android, iOS, and Linux

You can configure a DHCP server on the Windows server or on the Infoblox server

Configure DHCP Server on the Windows Server

Server on the Windows Server

Log into Microsoft Server Manager.

For the latest information on configuring DHCP server, refer to the Microsoft documentation
On the Microsoft Server Manager Dashboard, select Add roles and features.
On the Before you begin screen, click Next.
Select the installation type and click Next.
Select the destination server from the Server Pool area and click Next.
Select the Server Roles and click Next.
Select features and click Next.
Click Tools and select DHCP.
Select IPv4 and right-click and select the New Scope option.
Click Next on the New Scope Wizard.
Enter the range of IP addresses the new scope will use to distribute.

The range of DHCP IP pool address pool you configure in the DHCP server should match the management interface IP addresses in the GlobalProtect gateway. If you configure DHCP IP addresses incorrectly on the DHCP server, the traffic will not flow as expected.
(Optional) Enter the range of IP addresses that you want to exclude and will not be distributed by the server.
Configure DHCP options and click Next.
Click Next on the Domain Name and DNS server window.
The new scope of IP addresses is added under IPv4. Right-click on the new scope and select Add to SuperScope.
The added IP addresses will be displayed under the Connections tab on the GlobalProtect app.

Under Scope, click on the Policy and select New Policy.
Enter the policy name and description.
Click Addto add the circuit ID as part of the policy rule.
Select Context as Relay Agent Information and Operator as Equals.
Select Agent Circuit ID and enter the Circuit ID of the GlobalProtect from the firewall (NetworkGlobalProtectGlobalProtect Gateway<globalprotect-gateway-config>AgentClient IP PoolDHCP Server Circuit ID.)
Click OK.
Add the IP Address range of the scope in the policy and click Next.
Click Next again and then click Finish to save the configurations.

For the latest information on configuring DHCP server, refer to the Infoblox documentation such as DHCP server on the Infoblox server.

Log into the Infoblox Grid Manager.
Click Add Networks to add a new network.
Ensure that DHCP and DNS are enabled and running on the GRID.
Click Add under Toolbar to add IPv4 network.
Click Next to add IPv4 Network.
Add the network IP address and click Next.
Add Infoblox members.
After adding the member, click Next.
(Optional) Modify the default Lease time and click Next.
Click Next.
Restart the service to reflect the configurations added for the new network.
To add Shared Network, go to DHCPNetworksShared Networks.
Create all your networks under one Shared Network.
Click on the shared network to add a range of IP addresses.
Click on range to add range of IP addresses and click Next.
Click Next to add other details and proceed until the restart screen appears. Restart Grid to reflect the new configurations added.
After adding the IPv4 ranges, the IP addresses within the range will be displayed under the Shared Networks tab. Click Edit to edit the details.
(Optional)Enter the range of IP addresses you want to exclude from the range. Click the Add sign to add the Exclusion Ranges .
Click Save & Close.
You can leave the exclusion range empty if you do not want to exclude any IP addresses.
Click Next to proceed and enter the details such as grid member, schedule change, and so on, until you finally Save and Close the configurations.
After creating the DHCP configuration, you can create filters with Gateway Name.
You can view the relay agent details of the GlobalProtect gateway.