To enable a firewall interface to transmit
DHCP messages between
clients and servers, you must configure the firewall as a DHCP
relay agent. The interface can forward messages to a maximum of
eight external IPv4 DHCP servers and eight external IPv6 DHCP servers.
A client DHCPDISCOVER message is sent to all configured servers,
and the DHCPOFFER message of the first server that responds is relayed
back to the requesting client.
Capacities are as follows:
- You can configure a combined total of 500 DHCP servers (IPv4)
and DHCP relay agents (IPv4 and IPv6) on all firewall models except
for PA-5200 Series and PA-7000 Series firewalls
- On PA-5220 firewalls, you can configure a maximum of 500 DHCP
servers and a maximum of 2,048 DHCP relay agents minus the number
of DHCP servers configured. For example, if you configure 500 DHCP
servers, you can configure 1,548 DHCP relay agents.
- On PA-5250, PA-5260, and PA-7000 Series firewalls, you can configure
a maximum of 500 DHCP servers, and a maximum of 4,096 DHCP relay
agents minus the number of DHCP servers configured. For example,
if you configure 500 DHCP servers, you can configure 3,596 DHCP
relay agents.
Before configuring a DHCP relay agent,
make sure you have configured a Layer 3 Ethernet or Layer 3 VLAN
interface, and the interface is assigned to a virtual router and
a zone.
