>
    Strata Copilot
    Configure an Interface as a DHCPv4 Client
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. DHCP
    4. Configure an Interface as a DHCPv4 Client
    Download PDF
    Next-Generation Firewall

    Configure an Interface as a DHCPv4 Client

    Table of Contents

    Configure an Interface as a DHCPv4 Client

    Configure a firewall interface as a DHCPv4 client.
    Where Can I Use This?What Do I Need?
    • NGFW
    For Strata Cloud Manager managed NGFWs:
    • Strata Cloud Manager Pro
    • Strata Cloud Manager Essentials
    Before configuring a firewall interface as a DHCP client, make sure you have configured a Layer 3 interface (Ethernet, Ethernet subinterface, VLAN, VLAN subinterface, aggregate, or aggregate subinterface) and the interface is assigned to a virtual router and a zone. Configure an interface as a DHCP client if you need to use DHCP to request an IPv4 address for the interface.
    If the firewall interface needs a dynamic IPv6 address, Configure an Interface as a DHCPv6 Client (with or without prefix delegation).

    Configure an Interface as a DHCPv4 Client (PAN-OS)

    Configure a firewall interface as a DHCPv4 client in PAN-OS and Panorama.
    1. Configure an interface as a DHCP client.
      1. Select NetworkInterfaces.
      2. On the Ethernet tab or the VLAN tab, Add a Layer 3 interface or select a configured Layer 3 interface that you want to be a DHCPv4 client.
      3. Select the IPv4 tab and, for Type, select DHCP Client.
      4. Select Enable.
      5. (Optional) Enable the option to Automatically create default route pointing to default gateway provided by server enabled by default). Enabling this option causes the firewall to create a static route to the default gateway, which is useful when clients try to access many destinations that do not need to have routes maintained in a route table on the firewall.
      6. (Optional) Enable the option to Send Hostname to assign a hostname to the DHCP client interface and send that hostname (Option 12) to a DHCP server, which can then register the hostname with the DNS server. The DNS server can then automatically manage hostname-to-dynamic IP address resolutions. External hosts can identify the interface by its hostname. The default value indicates system-hostname, which is the firewall hostname that you set in DeviceSetupManagementGeneral Settings. Alternatively, enter a hostname for the interface, which can be a maximum of 64 characters, including uppercase and lowercase letters, numbers, period (.), hyphen (-), and underscore (_).
      7. (Optional) Enter a Default Route Metric (priority level) for the route between the firewall and the DHCP server (range is 1 to 65,535; default is 10). A route with a lower number has higher priority during route selection. For example, a route with a metric of 10 is used before a route with a metric of 100.
        The Default Route Metric for the route between the firewall and the DHCP server is 10 by default. If the static default route 0.0.0.0/0 uses the DHCP interface as its egress interface, that route’s default Metric is also 10. Therefore, there are two routes with a metric of 10 and the firewall can randomly choose one of the routes one time and the other route another time.
        Suppose you enable the option to Automatically create default route pointing to default gateway provided by server, select a virtual router, add a static route for a Layer 3 interface, change the Metric (which defaults to 10) to a value greater than 10 (for this example, 100) and Commit your changes. In the route table, the route’s metric will not indicate 100. Instead, it will indicate the default value of 10, as expected, because 10 takes precedence over the configured value of 100. However, if you change the static route’s Metric to a value less than 10 (such as 6), the route in the route table is updated to indicate the configured metric of 6.
      8. (Optional) Enable the option to Show DHCP Client Runtime Info to see all of the settings the client inherited from its DHCP server.
    2. Commit your changes.
      Click OK and Commit.
      The Ethernet interface should now indicate Dynamic-DHCP Client as its IP Address on the Ethernet tab.
    3. (Optional) See which interfaces on the firewall are configured as DHCP clients.
      1. Select NetworkInterfacesEthernet and check the IP Address to see which interfaces indicate DHCP Client.
      2. Select NetworkInterfacesVLAN and check the IP Address to see which interfaces indicate DHCP Client.

    Configure an Interface as a DHCPv4 Client (SCM)

    Configure a firewall interface as a DHCPv4 client in Strata Cloud Manager.
    Configure an interface as a DHCP client if you need to use DHCP to request an IPv4 address for the interface.
    1. Log in to Strata Cloud Manager.
    2. Select ManageConfigurationNGFW and Prisma AccessDevice SettingsInterfacesConfigurationNGFW and Prisma AccessDevice SettingsInterfaces and select the Configuration Scope where you want to create the Layer 3 interface.
      Select a firewall from your Folders or select Snippets to configure the Layer 3 interface in a snippet.
      If you select a folder or select a snippet, you create a Layer 3 interface variable that must be assigned at the device level.
    3. Configure the interface.
      A Layer 3 Ethernet, Ethernet subinterface, VLAN, VLAN subinterface, aggregate, or aggregate subinterface are supported.
      1. When configuring the IP settings Type, select DHCP Client.
      2. Enable.
      3. Enable Automatically create default point to default gateway provided by the server.
        This setting is enabled by default and automatically creates a default route that points to the default gateway that the DHCP server provides.
      4. Enable Send Hostname if you want the firewall to send the hostname of the interface to the DHCP server.
        1. Enter the Hostname or select the default system-hostname.
          Custom hostnames support up to 64 characters, including uppercase and lowercase letters, numbers, periods, hyphens, and underscores.
        2. Enter the Default Metric Route for the route between the firewall and DHCP server.
          The metric route is a priority level associated with the default route for use in path selection. The priority level increases as the number value decreases. Default is 10; range is 1-65,535.
    4. Assign the interface to a logical router.
    5. Assign the Layer 3 interface to a zone.
    6. Save.
    7. Push Config to push your configuration changes.

    © 2026 Palo Alto Networks, Inc. All rights reserved.