Configure DHCP Relay

Some of the features described in this section are only available to participants in the WatchGuard Beta program. If a feature described in this section is not available in your version of Fireware, it is a beta-only feature.

One way to assign IP addresses to computers on the trusted, optional, or custom networks is to use a DHCP server on a separate network. You can use DHCP relay to get IP addresses for the computers on the trusted or optional network. With this feature, the Firebox sends DHCP requests to the IP address of up to three DHCP servers you specify.

If you have configured two DHCP servers for failover, add the IP addresses of both the primary and secondary DHCP servers to the configuration for DHCP relay. The Firebox sends DHCP requests to the IP addresses of all DHCP servers you specify.

In Fireware v12.1.1 or higher, you can specify DHCP relay servers for each interface. The DHCP relay servers you specify apply only to DHCP requests received on that interface.

Make sure the Firebox has a route to the IP addresses you specify for DHCP relay. If the DHCP server you want to use is not on a network protected by your Firebox, you must set up a branch office VPN (BOVPN) tunnel between your Firebox and the network where the DHCP server is for this feature to operate correctly.

The Firebox limits the number of interfaces on which DHCP relay works. In Fireware v12.7 or higher, DHCP relay works on all interfaces configured for DHCP relay if you configure 750 or fewer interfaces to use DHCP relay. In lower Firebox versions, the limit is different. For more information, see DHCP relay fails if configured on more than 255 interfaces in the WatchGuard Knowledge Base.

In Fireware v12.1 or lower, the DHCP relay servers you specify are used for DHCP requests received all interfaces.

Configure DHCP Relay

To configure DHCP relay, from Fireware Web UI:

  1. Select Network > Interfaces.
    The Network Interfaces page appears.

  1. Select a trusted, optional, or custom interface and click Configure.
  2. From the drop-down list at the bottom of the page, select Use DHCP Relay.
  3. In the DHCP Server text box, type the IP address of a DHCP server and click Add.
  4. Repeat the previous step to add the IP addresses of up to three DHCP servers.

To configure DHCP relay, from Policy Manager:

  1. Select Network > Configuration.
    The Network Configuration dialog box appears.

  1. Select a trusted, optional, or custom interface and click Configure.
  2. Select Use DHCP Relay.
  3. Type the IP address of the DHCP server and click Add.
  4. Repeat the previous step to add the IP addresses of up to three DHCP servers.

Make sure to add a static route to each DHCP server, if necessary. The DHCP server can be on the network at the remote end of a branch office VPN tunnel.

See Also

Configure an IPv4 DHCP Server