Configure an Interface as a DHCP Server

Configure a firewall interface to act as a DHCP server.
Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.
Where Can I Use This?
  • NGFW (Managed by Strata Cloud Manager)
  • VM-Series, funded with Software NGFW Credits
What Do I Need?
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
  • Prisma Access license
Configure an interface on your firewall to act as the DHCP server. The capacities for configuring a DHCP server are:
  • For firewall models other than PA-5200 Series and PA-7000 Series firewalls, see the Product Selection tool.
  • On PA-5220 firewalls, you can configure a maximum of 500 DHCP servers and a maximum of 2,048 DHCP relay agents minus the number of DHCP servers configured. For example, if you configure 500 DHCP servers, you can configure 1,548 DHCP relay agents.
  • On PA-5250, PA-5260, and PA-7000 Series firewalls, you can configure a maximum of 500 DHCP servers, and a maximum of 4,096 DHCP relay agents minus the number of DHCP servers configured. For example, if you configure 500 DHCP servers, you can configure 3,596 DHCP relay agents.
  1. Log in to Strata Cloud Manager.
  2. Configure the interface that will act as a DHCP server.
    1. Configure a Layer 3 interface or Layer 3 VLAN interface.
    2. Assign the Layer 3 interface to a logical router.
    3. Assign the Layer 3 interface to a zone.
  3. Select Manage > Configuration > NGFW and Prisma Access > Device Settings > DHCP > DHCP Server and select the Configuration Scope where you want to create the DHCP server.
    Select a firewall from your Folders or select Snippets to configure the DHCP server in a snippet.
  4. Add DHCP Server.
  5. For the Interface Name, select the Layer 3 interface.
  6. (Optional) Enable Ping IP when allocating new IP if you want the server to ping the IP address before it assigns that address to the client.
    If the ping receives a response, a different device already has that address and the address isn’t available. The server assigns the next address from the pool instead.
  7. Select the Lease type.
    • Timeout—Determines how long the lease will last. Enter the number of Days, Hours, and optionally the number of Minutes.
    • Unlimited (default)—Causes the server to dynamically choose IP addresses from the IP Pool and assign them permanently to clients.
  8. Select the DHCP Mode.
    • Auto probe to avoid conflict with existing DHCP server (default)—Enables the server and disables it if another DHCP server is detected on the network.
    • Enable DHCP server—Enables the DHCP server. The DHCP server remains enabled even if another DHCP server is detected on the network.
    • Disable DHCP server—Disables the DHCP server.
  9. In the IP Pools, Add the range of IP addresses from which the server assigns an address to a client.
    Enter an IP subnet and subnet mask (for example, 192.168.1.0/24) or a range of IP addresses (for example, 192.168.1.10-192.168.1.20). Repeat this step to add additional IP addresses to the pool.
    An IP Pool or a Reserved List is mandatory for dynamic IP address assignment. An IP Pool is optional for static IP address assignment as long as the static IP addresses that you assign fall into the subnet the firewall interface services.
  10. (Optional) Specify an IP address from the IP pools that won’t be assigned dynamically.
    Repeat this step to reserve additional addresses.
    1. In the Reserved Lists, click Add.
    2. For the Reserved Address, enter the IP address from the IP Pools (format x.x.x.x) that you don’t want to be assigned dynamically.
    3. (Optional) Specify the MAC Address (format xx:xx:xx:xx:xx:xx) of the device to which you want to permanently assign the IP address you specified.
    4. (Optional) Enter a Description for the reserved IP address.
  11. Configure the DHCP Server Options that the server sends to its clients.
    • Inheritance—Firewall inherits options from the selected DHCP client.
    • Gateway—Enter the IP address of the network gateway used to reach any device not on the same LAN as the DHCP server.
    • Subnet Mask—Enter the network mask used with the addresses in the IP Pools.
    • DNS Primary, DNS Secondary—Enter the IP address of the preferred and alternate Domain Name System (DNS) servers.
    • WINS Primary, WINS Secondary—Enter the IP address of the preferred and alternate Windows Internet Naming Service (WINS) servers.
    • NIS Primary, NIS Secondary—Enter the IP address of the preferred and alternate Network Information Service (NIS) servers.
    • NTP Primary, NTP Secondary—Enter the IP address of the preferred and alternate Network Time Protocol (NTP) servers.
    • POP3 Server—Enter the IP address of the Post Office Protocol (POP3) server.
    • SMTP Server—Enter the IP address of the Simple Mail Transfer Protocol (SMTP) server.
    • DNS Suffix—Suffix for the client to use locally when an unqualified hostname is entered that can’t be resolved.
  12. (Optional) Configure a vendor-specific or custom DHCP option that the DHCP server sends to its clients.
    Repeat this step to add additional custom DHCP options.
    1. Select Options and Add Custom DHCP Options.
    2. Enter a descriptive Name to identify the DHCP option.
    3. Enter the Code you want to configure the server to offer.
      Range is 1-254. See RFC 2132 for option codes.
    4. Enable Inherit from DHCP server inheritance source only if you specified an inheritance source for the DHCP server Options and want the vendor-specific and custom options to be inherited from this source.
    5. Select an option Choice (IP Address, ASCII, or Hexadecimal).
      This option is supported only if you disabled Inherit from DHCP server inheritance source.
    6. Add and enter the option Name.
      This is the value that you want the DHCP server to offer for the specified Code. You can add multiple values on separate lines.
    7. Save.
  13. Save.
  14. Push Config to push your configuration changes.
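
The input rules in steps 9 through 12 can be checked before you push the configuration. The following Python sketch is an added example, not Palo Alto Networks code; the plan dictionary and its field names (`interface_subnet`, `ip_pools`, `reserved`, `custom_options`) are hypothetical and don't correspond to any Strata Cloud Manager API.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")  # xx:xx:xx:xx:xx:xx

def parse_pool(entry):
    """Return (first, last) for '192.168.1.0/24' or '192.168.1.10-192.168.1.20'."""
    if "-" in entry:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError("range start is higher than range end")
        return lo, hi
    net = ipaddress.IPv4Network(entry.strip(), strict=False)
    return net[0], net[-1]

def validate_plan(plan):
    """Return a list of problems in a planned DHCP server definition."""
    problems, pools = [], []
    subnet = ipaddress.IPv4Network(plan["interface_subnet"], strict=False)
    for entry in plan.get("ip_pools", []):
        try:
            pools.append(parse_pool(entry))
        except ValueError as exc:
            problems.append(f"pool {entry}: {exc}")
    if not pools and not plan.get("reserved"):
        problems.append("no IP pool or reserved list: nothing to assign")
    for item in plan.get("reserved", []):
        mac = item.get("mac")
        if mac and not MAC_RE.match(mac):
            problems.append(f"reserved {item['address']}: bad MAC {mac}")
        try:
            addr = ipaddress.IPv4Address(item["address"])
        except ValueError:
            problems.append(f"reserved {item['address']}: not x.x.x.x")
            continue
        # A static (MAC-bound) entry needs no pool if it sits in the interface subnet.
        if not (any(lo <= addr <= hi for lo, hi in pools) or (mac and addr in subnet)):
            problems.append(f"reserved {addr}: outside pools and interface subnet")
    for opt in plan.get("custom_options", []):
        if not 1 <= opt["code"] <= 254:
            problems.append(f"option {opt['name']}: code {opt['code']} not in 1-254")
    return problems

SAMPLE = {  # constructed sample plan; field names and values are illustrative
    "interface_subnet": "192.168.1.1/24",
    "ip_pools": ["192.168.1.0/24", "192.168.2.20-192.168.2.10"],
    "reserved": [{"address": "192.168.1.50", "mac": "00:1b:17:00:01:0g"}, {"address": "10.0.0.5"}],
    "custom_options": [{"name": "tftp", "code": 66}, {"name": "bad", "code": 255}],
}
```

Calling `validate_plan(SAMPLE)` reports the reversed range, the malformed MAC address, the reserved address that falls outside every pool, and the out-of-range option code.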