DHCP Based IP Address Assignment and Management for GlobalProtect
Where Can I Use This?
What Do I Need?
GlobalProtect Subscription License
PAN-OS 11.2 (or a later PAN-OS version)
GlobalProtect app 6.0.8, 6.2.1 or later versions
GlobalProtect endpoints running on Windows, macOS, Android, iOS, and Linux
Starting from PAN-OS 11.2.1, the DHCP Based IP Address Assignment feature is
supported for both VM-Series virtual firewall and hardware next-generation
firewall platforms.
In the PAN-OS 11.2.0 release, the DHCP Based IP Address Assignment feature is
supported for VM-Series virtual firewalls only. The feature is not supported for
hardware next-generation firewall platforms.
You can now configure a DHCP server profile on the GlobalProtect gateway to use a
DHCP server for managing and assigning IP addresses for the endpoints connected
remotely through the GlobalProtect app. Users who are using enterprise DHCP servers
can enable this feature for centralized IP management and IP address assignments.
First, you configure a DHCP server profile on the GlobalProtect gateway. After
successful communication between the gateway and the DHCP server, the gateway
obtains DHCP IP addresses from a DHCP member server. The GlobalProtect gateway then
assigns the IP addresses as the tunnel IP for the endpoints that are remotely
connected through the GlobalProtect app.
When the GlobalProtect gateway assigns the DHCP IP addresses to the endpoints, you
can configure the DHCP server to create Dynamic DNS (DDNS) address (A) and pointer
(PTR) records for the GlobalProtect connected users. DDNS records help endpoint
administrators troubleshoot the remote user endpoints connected through
GlobalProtect. The IP addresses get registered to the DDNS server only when you
configure IP Address Management (IPAM) on Windows server, DDNS server, or on the
Infoblox server.
When you create a DHCP profile on the firewall and enable the DHCP server on the
GlobalProtect gateway, the gateway uses the DHCP server to manage and assign the IP
addresses for the endpoints instead of assigning the IP addresses from the
gateway's private IP pool. If the DHCP server fails to respond to the gateway
within the set communication timeout and retry time period, the gateway falls back
to the private static IP pool to allocate IP addresses for the endpoints.
The DHCP-based IP address assignment feature is only supported for IPv4 address
assignment and not for IPv6.
Configuring a static IP pool on the GlobalProtect gateway is optional when you
configure the DHCP-based IP address assignment feature.
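The fallback behavior described above means a tunnel IP can come from either the DHCP server or the gateway's static pool. The following added example (not Palo Alto Networks code) classifies tunnel IPs by source so that sessions holding fallback addresses, which the DHCP server did not issue, stand out. The CIDR ranges, user names and the (user, tunnel IP) record layout are constructed assumptions, not a PAN-OS log format.

```python
import ipaddress
from collections import Counter

# Constructed values: replace with the scope your DHCP server hands to the
# gateway and the gateway's static fallback pool.
DHCP_SCOPE = "10.20.0.0/22"
STATIC_POOL = "10.99.0.0/24"

# Constructed sample records (user, tunnel IP); not a PAN-OS log format.
SESSIONS = [
    ("alice", "10.20.1.15"),
    ("bob", "10.20.3.200"),
    ("carol", "10.99.0.7"),
    ("dave", "10.99.0.8"),
    ("erin", "192.168.5.4"),
]

def pools_overlap(dhcp=DHCP_SCOPE, static=STATIC_POOL):
    """True if the two ranges share addresses, which makes the origin of a
    tunnel IP ambiguous."""
    return ipaddress.ip_network(dhcp).overlaps(ipaddress.ip_network(static))

def classify(ip, dhcp=DHCP_SCOPE, static=STATIC_POOL):
    """Return 'dhcp', 'static-fallback', 'ambiguous' or 'unexpected'."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:          # the feature assigns IPv4 addresses only
        return "unexpected"
    in_dhcp = addr in ipaddress.ip_network(dhcp)
    in_static = addr in ipaddress.ip_network(static)
    if in_dhcp and in_static:
        return "ambiguous"
    if in_dhcp:
        return "dhcp"
    return "static-fallback" if in_static else "unexpected"

def fallback_report(sessions=SESSIONS):
    """Count sessions per address source and list users on fallback addresses."""
    counts = Counter(classify(ip) for _, ip in sessions)
    users = [user for user, ip in sessions if classify(ip) == "static-fallback"]
    return dict(counts), users

if __name__ == "__main__":
    if pools_overlap():
        print("warning: static pool overlaps the DHCP scope")
    counts, users = fallback_report()
    print(counts)
    print("sessions on static fallback addresses:", users)
```

A rising count of `static-fallback` sessions is a sign that the gateway is not getting responses from the DHCP server within its timeout and retry window.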