Focus

Next-Generation Firewall

Configure an Interface as a DHCP Relay Agent

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1 (EoL)
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

Configure the Management Interface for Dynamic IPv6 Address Assignment

View DHCP Server Information

Configure an Interface as a DHCP Relay Agent

Configure an interface as a DHCP Relay Agent to transmit DHCP messages between clients and servers.

To enable a firewall interface to transmit DHCP messages between clients and servers, you must configure the firewall as a DHCP relay agent. The interface can forward messages to a maximum of eight external IPv4 DHCP servers and eight external IPv6 DHCP servers. A client DHCPDISCOVER message is sent to all configured servers, and the DHCPOFFER message of the first server that responds is relayed back to the requesting client.

Capacities are as follows:

You can configure a combined total of 500 DHCP servers (IPv4) and DHCP relay agents (IPv4 and IPv6) on all firewall models except for PA-5200 Series and PA-7000 Series firewalls
On PA-5220 firewalls, you can configure a maximum of 500 DHCP servers and a maximum of 2,048 DHCP relay agents minus the number of DHCP servers configured. For example, if you configure 500 DHCP servers, you can configure 1,548 DHCP relay agents.
On PA-5250, PA-5260, and PA-7000 Series firewalls, you can configure a maximum of 500 DHCP servers, and a maximum of 4,096 DHCP relay agents minus the number of DHCP servers configured. For example, if you configure 500 DHCP servers, you can configure 3,596 DHCP relay agents.

Before configuring a DHCP relay agent, make sure you have configured a Layer 3 Ethernet or Layer 3 VLAN interface, and the interface is assigned to a virtual router and a zone.

Select DHCP Relay.

Select NetworkDHCPDHCP Relay.
Specify the IP address of each DHCP server with which the DHCP relay agent will communicate.
1. In the Interface field, select the interface you want to be the DHCP relay agent.
2. Select either IPv4 or IPv6, indicating the type of DHCP server address you will specify.
3. If you checked IPv4, in the DHCP Server IP Address field, Add the address of the DHCP server to and from which you will relay DHCP messages.
4. If you checked IPv6, in the DHCP Server IPv6 Address field, Add the address of the DHCP server to and from which you will relay DHCP messages. If you specify a multicast address, also specify an outgoing Interface.
5. (Optional) Repeat the prior three steps to enter a maximum of eight DHCP server addresses per IP address family.
Commit the configuration.

Click OK and Commit.

Configure the Management Interface for Dynamic IPv6 Address Assignment

View DHCP Server Information

Next-Generation Firewall Docs

Configure an Interface as a DHCP Relay Agent

Next-Generation Firewall Docs

Configure an Interface as a DHCP Relay Agent

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner