DHCP
DHCP service settings are located within the DHCP IPv6 tab.
General
Enable service: enables the DHCP service in one of 2 specific modes: server or relay.
| DHCP server | Sends various network parameters to DHCP clients. |
| DHCP Relay | The DHCP relay mode is to be used when client requests are to be redirected to an external DHCP server. |
“DHCP server” service
The “DHCP server” service presents 4 configuration zones:
- Default settings This menu is reserved for the configuration of the DNS parameters sent to DHCP clients (domain name, primary and secondary DNS servers)
- Address range For each range, specify a group of addresses to be allocated to users. The allocated address will remain allocated for the duration determined in the advanced configuration.
- Reservation The address allocated by the service stays the same for hosts listed in the column Reservation.
- Advanced properties This menu allows enabling or disabling the automatic sending of the proxy configuration files for client hosts (WPAD: Web Proxy Autodiscovery Protocol). It is also possible to customize the duration of the allocation of IP addresses distributed by the DHCP service.
NOTE
DHCPv6 can only function with the Router advertisements (RA) mechanism configured on an interface or bridge in the module Network>Interfaces. These router advertisements indicate that the firewall is presented as the default router.
Default settings
If the DHCP server option has been selected, global parameters can be configured here, such as the domain name, DNS servers, etc. that client hosts will use.
| Domain name | Domain name used by DHCP client hosts for DNS resolution. |
| Primary DNS server | Select the primary DNS server that will be sent to DHCP clients. This is a host object. If no objects are specified, the firewall’s primary DNS server will be sent to them. |
| Secondary DNS server | Select the secondary DNS server that will be sent to DHCP clients. This is a host object. If no objects are specified, the firewall’s secondary DNS server will be sent to them. |
Address range
In order for a DHCP server to provide IP addresses, an address pool from which the server can pick addresses has to be configured.
Action buttons
To add or delete address ranges, click on Add or Delete.
| Add | Allows adding an address range. Select or create an IPv6 address range (IP address range network object). |
| Delete | Allows deleting one or several address ranges simultaneously. |
The table shows the address ranges used by the DHCP server for distributing addresses to clients:
| Address range | Select an IP address range network object from the drop-down list. The server will pick from this pool to distribute addresses to clients. If none of the firewall’s protected interfaces has an IP address in the network hosting this range, a warning message will appear: “No protected interfaces match this address range”. |
| Primary DNS | This field allows assigning a specific main DNS server to DHCP clients. Select a host network object from the drop-down list. If no objects are selected, the value “default” will be displayed in this column. The host selected in the Primary DNS field in the Default settings section will then be used as the DNS server for the client. |
| Secondary DNS | This field allows assigning a specific secondary DNS server to DHCP clients. Select a host network object from the drop-down list. If no objects are selected, the value “default” will be displayed in this column. The host selected in the Secondary DNS field in the Default settings section will then be used as the DNS server for the client. |
| Domain name | This field allows indicating a specific domain name that will be used by the DHCP client for its DNS resolution. If no name is specified, the value “Default domain” will be displayed in this column. The domain name indicated in the Domain name field in the Default settings section will then be used for the client. |
WARNING
Ranges must not overlap. An address range belongs to a single bridge/interface.
Reservation
Even when a server that dynamically distributes IP addresses to clients is used, a specific IP address can be reserved for certain hosts. This configuration resembles static addressing, but nothing is configured on client workstations, thereby simplifying their network configuration.
Action buttons
To add or delete reserved addresses, click on Add or Delete.
| Add | Allows adding a reserved IP address for a specific host network object. |
| Delete | Allows deleting an IP address reservation. If a reservation is cancelled, the host concerned will be assigned a new random address when it is renewed. |
The table shows host objects for which addresses have been reserved (each object must contain the reserved IPv6 address), as well as their DUID (DHCP Unique Identifier). The DUID is mandatory as it allows identifying the client host during the assignment or renewal of IP addresses so that it can be assigned the reserved address. It plays a role that is similar to that of a MAC address in DHCP IPv4.
| Reservation | This field contains the name of the network object (host) that has a reserved IPv6 address. |
| DHCP Unique Identifier (DUID) | This field contains the host’s unique ID. This ID allows the firewall to identify the client and reassign the reserved IP address to it. On a Windows client workstation, this DUID is entered in the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Dhcpv6DUID |
| Primary DNS | This field allows assigning a specific main DNS server to each DHCP client using address reservation. Select a host network object from the drop-down list. If no objects are selected, the value “default” will be displayed in this column. The host selected in the Primary DNS field in the Default settings section will then be used as the DNS server for the client. |
| Secondary DNS | This field allows assigning a specific secondary DNS server to each DHCP client using address reservation. Select a host network object from the drop-down list. If no objects are selected, the value “default” will be displayed in this column. The host selected in the Secondary DNS field in the Default settings section will then be used as the DNS server for the client. |
| Domain name | This field allows indicating a specific domain name that will be used by the DHCP client for its DNS resolution. If no name is specified, the value “Default domain” will be displayed in this column. The domain name indicated in the Domain name field in the Default settings section will then be used for the client. |
Advanced properties
| TFTP Server | The TFTP server is used for booting hosts remotely. This field (option 150: TFTP server address) can be used for starting up network devices such as routers, X-terminals or workstations without hard disks. Only servers that have an IPv6 interface will appear in the list. |
| Distribute the Web proxy autodiscovery (WPAD) file | If this option has been selected, the DHCP server will distribute the internet access configuration to DHCP clients through a PAC Proxy Auto Configuration). This file, which has a “.pac” extension, has to be entered in the authentication settings (Captive portal tab in the menu Configuration>Users>Authentication). It can be made accessible from internal and/or external interfaces (Internal interfaces and External interfaces tabs in the menu Configuration>Users>Authentication). |
Assigned lease time
| Default (hour) | For the purpose of optimizing network resources, IP addresses are assigned for a limited period. You therefore need to indicate here the default duration for which hosts will keep the same IP address. |
| Minimum (hour) | Minimum duration for which hosts will keep the same IP address. |
| Maximum (hour) | Maximum duration for which hosts will keep the same IP address. |
“DHCP relay” service
The “DHCP relay” service contains 3 configuration zones:
- Settings This menu allows configuring the DHCP server(s) to which the firewall will relay DHCP requests from client hosts.
- Listening interfaces for DHCP requests Network interfaces on which the firewall listens for client DHCP requests.
- Outgoing interfaces on the DHCP relay. Specify the interfaces through which the firewall will send requests to the DHCP server(s) indicated earlier.
Settings
| DHCP server(s) | The drop-down list allows selecting a host object or group object containing hosts. The firewall will relay client requests to this or these DHCP server(s). |
Listening interfaces for DHCP requests
Indicate the network interfaces through which the firewall will receive DHCP client requests.
Action buttons
In order to add or delete listening interfaces, click on Add or Delete.
| Add | Adds a row to the table and opens a drop-down list of the firewall’s interfaces in order to select an interface. |
| Delete | Allows selecting one or several listening interfaces. |
Outgoing interfaces on the DHCP relay
Indicate the network interfaces through which the firewall will be able to contact the DHCP server(s) in order to send DHCP client requests.
Action buttons
In order to add or delete output interfaces, click on Add or Delete.
| Add | Adds a row to the table and opens a drop-down list of the firewall’s interfaces in order to select an interface. |
| Delete | Allows selecting one or several output interfaces. |