Focus

Next-Generation Firewall

Firewall as a DHCP Server and Client

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

DHCP

Firewall as a DHCPv6 Client

Firewall as a DHCP Server and Client

Where Can I Use This?	What Do I Need?
NGFW (Managed by PAN-OS or Panorama)

The firewall can function as a DHCP server and a DHCP client. Dynamic Host Configuration Protocol, RFC 2131, is designed to support IPv4 and IPv6 addresses. The Palo Alto Networks^® implementation of DHCP server supports IPv4 addresses only.

The firewall DHCP server operates in the following manner:

When the DHCP server receives a DHCPDISCOVER message from a client, the server replies with a DHCPOFFER message containing all of the predefined and user-defined options in the order they appear in the configuration. The client selects the options it needs and responds with a DHCPREQUEST message.
When the server receives a DHCPREQUEST message from a client, the server replies with its DHCPACK message containing only the options specified in the request.

The firewall DHCP client operates in the following manner:

When the DHCP client receives a DHCPOFFER from the server, the client automatically caches all of the options offered for future use, regardless of which options it had sent in its DHCPREQUEST.
By default and to save memory consumption, the client caches only the first value of each option code if it receives multiple values for a code.
There is no maximum length for DHCP messages unless the DHCP client specifies a maximum in option 57 in its DHCPDISCOVER or DHCPREQUEST messages.
The firewall can also function as a DHCPv6 client.

Beginning in PAN-OS 11.1.4 and later releases, the firewall supports duplicate (overlapping) IPv4 and IPv6 addresses on Layer 3 interfaces that use different logical routers. Learn about this functionality before you enable Duplicate IP Address Support and configure overlapping IP addresses.

DHCP

Firewall as a DHCPv6 Client

Next-Generation Firewall Docs

Firewall as a DHCP Server and Client

Next-Generation Firewall Docs

Firewall as a DHCP Server and Client

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner