To enable a firewall interface to transmit
DHCP messages between clients and servers,
you must configure the firewall as a DHCP relay agent. The interface
can forward messages to a maximum of eight external IPv4 DHCP servers
and eight external IPv6 DHCP servers. A client DHCPDISCOVER message
is sent to all configured servers, and the DHCPOFFER message of
the first server that responds is relayed back to the requesting
client.
Capacities are as follows:
- You can configure
a combined total of 500 DHCP servers (IPv4) and DHCP relay agents
(IPv4 and IPv6) on all firewall models except for PA-5200 Series
and PA-7000 Series firewalls
- On PA-5220 firewalls, you can configure a maximum of 500 DHCP
servers and a maximum of 2,048 DHCP relay agents minus the number
of DHCP servers configured. For example, if you configure 500 DHCP
servers, you can configure 1,548 DHCP relay agents.
- On PA-5250, PA-5260, and PA-7000 Series firewalls, you can configure
a maximum of 500 DHCP servers, and a maximum of 4,096 DHCP relay
agents minus the number of DHCP servers configured. For example,
if you configure 500 DHCP servers, you can configure 3,596 DHCP
relay agents.
Before configuring a DHCP relay agent,
make sure you have configured a Layer 3 Ethernet or Layer 3 VLAN
interface, and the interface is assigned to a virtual router and
a zone.
