Configure an Interface as a DHCP Relay Agent

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Configure an Interface as a DHCP Client

DNS Proxy

Configure an Interface as a DHCP Relay Agent

Enable a firewall interface to transmit DHCP messages between clients and servers.

Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.

Where Can I Use This?	What Do I Need?
NGFW, including those funded by Software NGFW Credits	One of these: AIOps for NGFW Premium or Strata Cloud Manager Pro Strata Cloud Manager Essentials (Supports only NGFWs)

To enable a firewall interface to transmit DHCP messages between clients and servers, you must configure the firewall as a DHCP relay agent. The interface can forward messages to a maximum of eight external IPv4 DHCP servers. A client DHCPDISCOVER message is sent to all configured servers, and the DHCPOFFER message of the first server that responds is relayed back to the requesting client.

You can configure a combined total of 500 DHCP servers and DHCP relay agents on all firewall models except for PA-5200 Series and PA-7000 Series firewalls.
On PA-5220 firewalls, you can configure a maximum of 500 DHCP servers and a maximum of 2,048 DHCP relay agents minus the number of DHCP servers configured. For example, if you configure 500 DHCP servers, you can configure 1,548 DHCP relay agents.
On PA-5250, PA-5260, and PA-7000 Series firewalls, you can configure a maximum of 500 DHCP servers, and a maximum of 4,096 DHCP relay agents minus the number of DHCP servers configured. For example, if you configure 500 DHCP servers, you can configure 3,596 DHCP relay agents.

Log in to Strata Cloud Manager.
Configure the interface that will act as a DHCP relay agent.
1. Configure a Layer 3 interface or Layer 3 VLAN interface.
2. Assign the Layer 3 interface to a logical router.
3. Assign the Layer 3 interface to a zone.
Select ManageConfigurationNGFW and Prisma AccessDevice SettingsDHCPDHCP Server Relay and select the Configuration Scope where you want to create the DHCP server relay agent.

Select a firewall from your Folders or select Snippets to configure the DHCP server relay agent in a snippet.
For the Interface Name, select the interface you want to be the DHCP relay agent.
For the IP Addresses, Add the address of the DHCP server to and from which you’ll relay DHCP messages.

You can add up to eight DHCP servers for a single DHCP relay agent.
Save.
Push Config to push your configuration changes.

Configure an Interface as a DHCP Client

DNS Proxy

Next-Generation Firewall Docs

Configure an Interface as a DHCP Relay Agent

Next-Generation Firewall Docs

Configure an Interface as a DHCP Relay Agent

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner