Focus

Next-Generation Firewall

DHCP

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

Create a GRE Tunnel over a Cellular Interface

Firewall as a DHCP Server and Client

DHCP

DHCP provides TCP/IP and link-layer configuration parameters and provides network addresses to dynamically configured hosts on a TCP/IP network.

Where Can I Use This?	What Do I Need?
NGFW (Managed by PAN-OS or Panorama)

This section describes Dynamic Host Configuration Protocol (DHCP) and the tasks required to configure an interface on a Palo Alto Networks^® firewall to act as a DHCP server, client, or relay agent. By assigning these roles to different interfaces, the firewall can perform multiple roles.

DHCP is a standardized protocol defined in RFC 2131, Dynamic Host Configuration Protocol. DHCP has two main purposes: to provide TCP/IP and link-layer configuration parameters and to provide network addresses to dynamically configured hosts on a TCP/IP network.

DHCP uses a client-server model of communication. This model consists of three roles that the device can fulfill: DHCP client, DHCP server, and DHCP relay agent.

A device acting as a DHCP client (host) can request an IP address and other configuration settings from a DHCP server. Users on client devices save configuration time and effort, and need not know the network’s addressing plan or other resources and options they are inheriting from the DHCP server.
A device acting as a DHCP server can service clients. By using any of three DHCP Address Allocation Methods, you save configuration time and have the benefit of reusing a limited number of IP addresses when a client no longer needs network connectivity. The server can deliver IP addressing and many DHCP options to many clients.
A device acting as a DHCP relay agent transmits DHCP messages between DHCP clients and servers.

DHCP uses User Datagram Protocol (UDP), RFC 768, as its transport protocol. DHCP messages that a client sends to a server are sent to well-known port 67 (UDP—Bootstrap Protocol and DHCP). DHCP Messages that a server sends to a client are sent to port 68.

An interface on a Palo Alto Networks^® firewall can perform the role of a DHCP server, client, or relay agent. The interface of a DHCP server or relay agent must be a Layer 3 Ethernet, Aggregated Ethernet, or Layer 3 VLAN interface. You configure the firewall interfaces with the appropriate settings for any combination of roles. The behavior of each role is summarized in Firewall as a DHCP Server and Client.

The firewall can also function as a DHCPv6 client, with or without prefix delegation.

The firewall supports DHCPv4 Server and DHCPv6 Relay.

The Palo Alto Networks implementation of DHCP server supports IPv4 addresses only. Its DHCP relay implementation supports IPv4 and IPv6. DHCP client supports IPv4 and IPv6 addresses. DHCP client is not supported in High Availability active/active mode.

The management interface on the firewall supports both DHCP client and dynamic IPv6 address assignment.

Create a GRE Tunnel over a Cellular Interface

Firewall as a DHCP Server and Client

Next-Generation Firewall Docs

DHCP

Next-Generation Firewall Docs

DHCP

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner