DHCP Server
Table of Contents
Expand all | Collapse all
-
- Firewall Overview
- Features and Benefits
- Last Login Time and Failed Login Attempts
- Message of the Day
- Task Manager
- Language
- Alarms
- Commit Changes
- Save Candidate Configurations
- Revert Changes
- Lock Configurations
- Global Find
- Threat Details
- AutoFocus Intelligence Summary
- Configuration Table Export
- Change Boot Mode
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Packet Broker Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > Interfaces > PoE
- Network > Interfaces > Cellular
- Network > Interfaces > Fail Open
- Network > VLANs
- Network > Virtual Wires
-
- Network > Routing > Logical Routers > General
- Network > Routing > Logical Routers > Static
- Network > Routing > Logical Routers > OSPF
- Network > Routing > Logical Routers > OSPFv3
- Network > Routing > Logical Routers > RIPv2
- Network > Routing > Logical Routers > BGP
- Network > Routing > Logical Routers > Multicast
-
- Network > Routing > Routing Profiles > BGP
- Network > Routing > Routing Profiles > BFD
- Network > Routing > Routing Profiles > OSPF
- Network > Routing > Routing Profiles > OSPFv3
- Network > Routing > Routing Profiles > RIPv2
- Network > Routing > Routing Profiles > Filters
- Network > Routing > Routing Profiles > Multicast
- Network > Proxy
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
- Network > Network Profiles > MACsec Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Setup > ACE
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > IoT Security > DHCP Server Log Ingestion
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > SCP
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation > IoT
- Device > Policy > Recommendation SaaS
- Device > Policy Recommendation > IoT or SaaS > Import Policy Rule
-
- Device > User Identification > Connection Security
- Device > User Identification > Terminal Server Agents
- Device > User Identification > Group Mapping Settings
- Device > User Identification> Trusted Source Address
- Device > User Identification > Authentication Portal Settings
- Device > User Identification > Cloud Identity Engine
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Firewall Clusters
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
- Panorama > Device Registration Auth Key
DHCP Server
- Network > DHCP > DHCP Server
The following section describes each component of the DHCP server.
Before you configure a DHCP server, you should already have configured
a Layer 3 Ethernet or Layer 3 VLAN interface that is assigned to
a virtual router and a zone. You should also know a valid pool of
IP addresses from your network plan that can be designated to be
assigned by your DHCP server to clients.
When you add a DHCP server, you configure the settings described
in the table below.
DHCP Server Settings | Configured In | Description |
---|---|---|
Interface | DHCP Server | Name of the interface that will serve as
the DHCP server. |
Mode | Select enabled or auto mode. Auto mode
enables the server and disables it if another DHCP server is detected
on the network. The disabled setting disables
the server. | |
Ping IP when allocating new IP | DHCP ServerLease | If you click Ping IP when allocating
new IP, the server will ping the IP address before it
assigns that address to its client. If the ping receives a response,
that means a different firewall already has that address, so it
is not available for assignment. The server assigns the next address
from the pool instead. If you select this option, the Probe IP column
in the display will have a check mark. |
Lease | Specify a lease type.
| |
IP Pools | Specify the stateful pool of IP addresses
from which the DHCP server chooses an address and assigns it to
a DHCP client. You can enter a single address, an address/<mask
length>, such as 192.168.1.0/24, or a range of addresses, such as 192.168.1.10-192.168.1.20. | |
Reserved Address | Optionally specify an IP address (format
x.x.x.x) from the IP pools that you do not want dynamically assigned
by the DHCP server. If you also specify a MAC Address (format
xx:xx:xx:xx:xx:xx), the Reserved Address is
assigned to the firewall associated with that MAC address when that
firewall requests an IP address through DHCP. | |
Inheritance Source | DHCP ServerOptions | Select None (default)
or select a source DHCP client interface or PPPoE client interface
to propagate various server settings to the DHCP server. If you
specify an Inheritance Source, select one
or more options below that you want inherited from
this source. One benefit of specifying an inheritance source
is that DHCP options are quickly transferred from the server that
is upstream of the source DHCP client. It also keeps the client’s
options updated if an option on the inheritance source is changed.
For example, if the inheritance source firewall replaces its NTP
server (which had been identified as the Primary NTP server),
the client will automatically inherit the new address as its Primary
NTP server. |
Check inheritance source status | If you selected an Inheritance Source,
click Check inheritance source status to
open the Dynamic IP Interface Status window, which displays the
options that are inherited from the DHCP client. | |
Gateway | DHCP ServerOptions (cont) | Specify the IP address of the network gateway
(an interface on the firewall) that is used to reach any device
not on the same LAN as this DHCP server. |
Subnet Mask | Specify the network mask that applies to
the addresses in the IP Pools. | |
Options | For the following fields, click the drop-down
and select None or inherited,
or enter the IP address of the remote server that your DHCP server
will send to clients for accessing that service. If you select inherited,
the DHCP server inherits the values from the source DHCP client
specified as the Inheritance Source. The
DHCP server sends these settings to its clients.
| |
Custom DHCP options | Click Add and enter
the Name of the custom option you want the
DHCP Server to send to clients. Enter an Option
Code (range is 1-254). If Option Code
43 is entered, the Vendor Class Identifier (VCI) field
appears. Enter a match criterion that will be compared to the incoming
VCI from the client’s Option 60. The firewall looks at the incoming
VCI from the client’s Option 60, finds the matching VCI in its own
DHCP server table, and returns the corresponding value to the client
in Option 43. The VCI match criterion is a string or hex value.
A hex value must have a “0x” prefix. Select Inherited
from DCHP server inheritance source to have the server
inherit the value for that option code from the inheritance source
instead of you entering an Option Value. As
an alternative to this option, you can proceed with the following: Option
Type: Select IP Address, ASCII,
or Hexadecimal to specify the type of data
used for the Option Value. For Option Value,
click Add and enter the value for the custom
option. |