Configure an IPv4 DHCP Server

DHCP (Dynamic Host Configuration Protocol) is a method to assign IP addresses automatically to network clients. You can configure your Firebox as a DHCP server for the networks that it protects. If you have a DHCP server, we recommend that you continue to use that server for DHCP.

These DHCP settings apply to trusted, optional, or custom interfaces, and to VLAN, Bridge, and Link Aggregation interfaces in trusted, optional, or custom security zones.

If your Firebox is configured in drop-in mode, the configuration steps are different. To configure DHCP in drop-in mode, see Configure DHCP in Drop-In Mode.

To configure DNS and WINS settings that apply only to an interface, see Configure Per-Interface WINS/DNS.

Configure DHCP for IPv4

Configure DHCP Reservations

You can use DHCP reservations to reserve a specific IP address for a client.

Configure DHCP Options

DHCP options, also known as vendor extensions, enable you to specify DHCP configuration parameters and other control information, as described in RFC 2132. You can add predefined or custom DHCP options.

The predefined DHCP options are:

DHCP Option Code Name Type Description
150 TFTP Server IP IP address(es) The IP address of the TFTP server where the DHCP client can download the boot configuration.
66 TFTP Server Name Text The name of the TFTP server where the DHCP client can download the boot configuration.
67 TFTP Boot Filename Text The name of the boot file.
2 (deprecated) Time Offset 4 byte integer Time offset in seconds from Coordinated Universal Time (UTC). Option 2 is deprecated. We recommend that you add a custom DHCP option and specify code 100 or 101. These options are described in RFC 4833.
43 Vendor specific information Text This option is used by clients and servers to exchange vendor-specific information.
120 SIP Servers IP address(es) IPv4 addresses of one or more Session Initiation Protocol (SIP) outbound proxy servers. This option is described in RFC 3361.
138 CAPWAP Access Controller IP address(es) IPv4 addresses of one or more CAPWAP Access controllers. This option is described in RFC 5417.
156 DHCP State 1 byte integer (Unsigned) State of the IP address. This option is used by ShoreTel phones for an FTP boot option.

DHCP option codes 1, 6, 15, 28, 44, 46, and 51 are configured in the DHCP settings or interface configuration. To configure DHCP option 15, which is the domain suffix that DHCP clients use, specify a domain name in network DNS settings. For information about the network DNS settings, see Configure Network DNS and WINS Servers.

Some versions of Fireware OS do not support all the predefined options. If the option code you select requires a specific minimum version of Fireware, a notation appears to the right of the selected code in Policy Manager.

You can add a predefined DHCP option or a custom DHCP option. If you use the same DHCP option code for more than one interface, the Type configured for the option code must be the same on each interface.

If the option required by your vendor is not in the list of predefined options, you can add it as a custom option.

DHCP option codes 1, 6, 15, 28, 44, 46, and 51 are configured in the DHCP settings or interface configuration.

Configure Per-Interface WINS/DNS

By default, when your Firebox is configured as a DHCP server, it gives out the network DNS server and network WINS server configured on the Network > Interfaces > DNS/WINS tab. To specify different information for your Firebox to assign when it gives out IP addresses, you can add a DNS server for the interface.

If the DNSWatch feature is enabled on your Firebox, and enforcement is enabled, DNS queries for external resources are sent to DNSWatch servers in some cases. For more information about DNS server precedence, see About DNS on the Firebox. For more information about DNSWatch, see About WatchGuard DNSWatch.

See Also

Configure DHCP Relay

Configure an IPv6 DHCP Server

Configure Network DNS and WINS Servers

About DNS on the Firebox