Configure DHCP in Drop-In Mode
When you use drop-in mode for network configuration, you can optionally configure the Firebox as a DHCP server for the networks it protects, or make the device act as a DHCP relay agent. If you already have a DHCP server, we recommend that you continue to use that server for DHCP.
The features available in WatchGuard System Manager (WSM) can be different for different versions of Fireware. If your Firebox does not run Fireware OS v11.10.x or higher, the content in this Help topic might not apply to your Firebox.
For instructions to complete the procedures in this topic for a Firebox that runs an older version of Fireware, see:
Configure IPv4 DHCP in Drop-In Mode in WatchGuard System Manager v11.9.4 Help
Use DHCP
By default, your Firebox device gives out the configured DNS/WINS server information when it is configured as a DHCP server. You can configure DNS/WINS information on this page to override the global configuration. For more information, see the instructions in Add WINS and DNS Server Addresses.
- Select Network > Interfaces.
The Network Interfaces page appears.
- If your device is not already configured in drop-in mode, from the Configure Interfaces in drop-down list select Drop-In Mode.
- Click Properties.
- Select the DHCP Settings tab.
- From the drop-down list, select DHCP Server.
The DHCP configuration settings appear.
- To change the DHCP lease time, select a different option in the Lease Time drop-down list.
- To add an address pool from which your device can give out IP addresses, in the Address Pool section:
- Click Add.
- In the Starting IP and Ending IP text boxes, type a range of IP addresses that are on the same subnet as the drop-in IP address.
You can configure a maximum of six address pools.
- Click OK.
Repeat this step to add more DHCP reservations.
- To reserve a specific IP address from an address pool for a device or client, in the Reserved Addresses section:
- Click Add.
- Type a Reservation Name to identify the reservation.
- Type the Reserved IP address you want to reserve.
- Type the MAC address for the device.
- Click OK.
Repeat this step to add more DHCP reservations.
- If necessary, Add WINS and DNS Server Addresses.
- At the top of the page, click Back.
- Click Save.
- Select Network > Configuration.
The Network Configuration dialog box appears.
- If your Firebox is not already configured in drop-in mode, from the Configure Interfaces in drop-down list select Drop-In Mode.
- Select Use DHCP Server.
- To add an address pool from which your Firebox can give out IP addresses, click Add next to the Address Pool box and specify starting and ending IP addresses that are on the same subnet as the drop-in IP address.
Do not include the drop-in IP address in the address pool. Click OK.
You can configure a maximum of six address ranges.
- To reserve a specific IP address from an address pool for a device or client, adjacent to the Reserved Addresses field, click Add. Type a name to identify the reservation, the IP address you want to reserve, and the MAC address for the device. Click OK.
- In the Leasing Time drop-down list, select the maximum amount of time that a DHCP client can use an IP address.
- By default, your Firebox gives out the DNS/WINS server information configured on the Network Configuration > WINS/DNS tab when it is configured as a DHCP server. To send different DNS/WINS server information to DHCP clients, click the Configure DNS/WINS servers button.
- Click OK.
- Save the Configuration File.
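The address rules in the procedures above can be checked against a planned configuration before it is typed into the Firebox. This is an added example, not WatchGuard code: the function name `validate_dhcp_plan`, the sample addresses, and the overlap and duplicate-reservation checks (marked "extra check") are assumptions that go beyond what the page states.

```python
import ipaddress

MAX_POOLS = 6  # limit stated in the procedure above


def validate_dhcp_plan(dropin_cidr, pools, reservations):
    """Return a list of problems in a planned drop-in mode DHCP server setup.

    dropin_cidr:  drop-in IP address with prefix length, e.g. "10.0.50.1/24"
    pools:        list of (starting_ip, ending_ip) strings
    reservations: list of (name, reserved_ip, mac_address) tuples
    """
    iface = ipaddress.ip_interface(dropin_cidr)
    problems = []
    if len(pools) > MAX_POOLS:
        problems.append(f"{len(pools)} address pools; the maximum is {MAX_POOLS}")
    ranges = []
    for start_s, end_s in pools:
        start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
        label = f"pool {start}-{end}"
        if start > end:
            problems.append(f"{label}: starting IP is above ending IP")
            continue
        if start not in iface.network or end not in iface.network:
            problems.append(f"{label}: not on the drop-in subnet {iface.network}")
        if start <= iface.ip <= end:
            problems.append(f"{label}: includes the drop-in IP address {iface.ip}")
        if any(start <= e and s <= end for s, e in ranges):
            problems.append(f"{label}: overlaps another pool (extra check)")
        ranges.append((start, end))
    seen = set()
    for name, ip_s, mac in reservations:
        ip = ipaddress.ip_address(ip_s)
        mac = mac.lower().replace("-", ":")
        if not any(s <= ip <= e for s, e in ranges):
            problems.append(f"reservation {name}: {ip} is not in any address pool")
        if ip in seen or mac in seen:
            problems.append(f"reservation {name}: IP or MAC already reserved (extra check)")
        seen.update((ip, mac))
    return problems


# Constructed sample plan; every address and name here is illustrative.
SAMPLE_PROBLEMS = validate_dhcp_plan(
    "10.0.50.1/24",
    [("10.0.50.1", "10.0.50.100"), ("10.0.51.10", "10.0.51.20")],
    [("printer", "10.0.50.200", "00-11-22-33-44-55")],
)
```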
Configure DHCP Options
DHCP options, also known as vendor extensions, enable you to specify DHCP configuration parameters and other control information, as described in RFC 2132. You can add predefined or custom DHCP options. Custom options are supported in Fireware v11.9.3 and higher.
The predefined DHCP options are:
DHCP Option Code | Name | Type | Description |
---|---|---|---|
150 | TFTP Server IP | IP address(es) | The IP address of the TFTP server where the DHCP client can download the boot configuration. |
66 | TFTP Server Name | Text | The name of the TFTP server where the DHCP client can download the boot configuration. |
67 | TFTP Boot Filename | Text | The name of the boot file. |
2 | Time Offset | 4 byte integer | Time offset in seconds from Coordinated Universal Time (UTC). |
43 | Vendor specific information | Text | This option is used by clients and servers to exchange vendor-specific information. |
120 | SIP Servers | IP address(es) | IPv4 addresses of one or more Session Initiation Protocol (SIP) outbound proxy servers. This option is described in RFC 3361. |
138 | CAPWAP Access Controller | IP address(es) | IPv4 addresses of one or more CAPWAP Access controllers. This option is described in RFC 5417. |
156 | DHCP State | 1 byte integer (Unsigned) | State of the IP address. This option is used by ShoreTel phones for an FTP boot option. |
Some versions of Fireware OS do not support all the predefined options. If the option code you select requires a specific minimum version of Fireware, a notation appears to the right of the selected code in Policy Manager.
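To confirm from a packet capture that clients receive the option values you configured, the options field of a DHCP reply can be decoded with the types from the table above. This is an added example, not WatchGuard code: the function names and the sample bytes are constructed, option 2 is read as a signed integer per RFC 2132, and option 120 is expected to carry the RFC 3361 encoding byte for an IPv4 list.

```python
import ipaddress
import struct

PREDEFINED = {  # code -> (name, type), from the predefined options table
    150: ("TFTP Server IP", "ip_list"), 66: ("TFTP Server Name", "text"),
    67: ("TFTP Boot Filename", "text"), 2: ("Time Offset", "int32"),
    43: ("Vendor specific information", "text"), 120: ("SIP Servers", "ip_list"),
    138: ("CAPWAP Access Controller", "ip_list"), 156: ("DHCP State", "uint8"),
}
FIXED = {"int32": ("!i", 4), "uint8": ("!B", 1)}  # struct format, byte length


def decode_value(code, kind, data):
    """Decode one option payload; raise if it does not fit the option's Type."""
    if code == 120:  # RFC 3361: leading encoding byte, 1 = IPv4 address list
        if data[:1] != b"\x01":
            raise ValueError("option 120: not an IPv4 address list")
        data = data[1:]
    if kind == "ip_list":
        if not data or len(data) % 4:
            raise ValueError(f"option {code}: bad address list length")
        return [str(ipaddress.IPv4Address(data[i:i + 4])) for i in range(0, len(data), 4)]
    if kind in FIXED:
        fmt, size = FIXED[kind]
        if len(data) != size:
            raise ValueError(f"option {code}: expected {size} byte(s)")
        return struct.unpack(fmt, data)[0]
    return data.decode("ascii", "replace")


def parse_options(field):
    """Parse an RFC 2132 options field (the bytes after the magic cookie)."""
    found, i = {}, 0
    while i < len(field) and field[i] != 255:  # 255 = End
        code = field[i]
        if code == 0:  # Pad has no length byte
            i += 1
            continue
        if i + 1 >= len(field) or i + 2 + field[i + 1] > len(field):
            raise ValueError(f"option {code}: truncated")
        data = field[i + 2:i + 2 + field[i + 1]]
        name, kind = PREDEFINED.get(code, (f"custom option {code}", None))
        found[code] = (name, decode_value(code, kind, data) if kind else data)
        i += 2 + len(data)
    return found

# Constructed sample: options 150, 67, 2 (-18000 s) and 120, then End.
SAMPLE_FIELD = bytes.fromhex("96040a003205" "4308626f6f742e636667" "0204ffffb9b0"
                             "7805010a003209" "ff")
```

Codes that are not in the table are returned as raw bytes under the name `custom option N`, because their Type is whatever was selected when the custom option was added.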
Add DHCP Options
In Fireware XTM v11.9.3 and higher, you can add predefined or custom DHCP options.
- In the DHCP Options list, click Add.
The Add DHCP Option dialog box appears. Predefined Option is selected by default.
- From the Code drop-down list, select the DHCP option code.
The Name and Value associated with the code are selected automatically and you cannot edit these.
- In the Value text box, type the value to assign to this option. It must match the Type for this option.
- Click OK.
- Click DHCP Options.
- Click Add.
The Add DHCP Option dialog box appears. Predefined Option is selected by default.
- From the Code drop-down list, select the DHCP option code.
The Name and Value associated with the code are selected automatically and you cannot edit these.
- In the Value text box, type the value to assign to this option. It must match the Type for this option.
- Click OK.
If the option required by your vendor is not in the list of predefined options, you can add it as a custom option.
- In the DHCP Options list, click Add.
The Add DHCP Option dialog box appears.
- Select Custom Option.
- In the Code text box, type the DHCP option code.
- In the Name text box, type a name to describe this DHCP option.
- From the Type drop-down list, select the type of value required by this option.
- In the Value text box, type or select the value to assign to this option. It must match the Type you selected.
- Click OK.
- Click Add.
The Add DHCP Option dialog box appears.
- Select Custom Option.
- In the Code text box, type the DHCP option code.
- In the Name text box, type a name to describe this DHCP option.
- From the Type drop-down list, select the type of value required by this option.
- In the Value text box, type or select the value to assign to this option. It must match the Type you selected.
- Click OK.
If you use the same DHCP option code for more than one interface, the Type must be the same on each interface.
Use DHCP Relay
One way to assign IP addresses to computers on the trusted or optional networks is to use a DHCP server on a separate network. With this feature, the Firebox sends DHCP requests to the IP address of up to three DHCP servers you specify.
Make sure to Add a Static Route to each DHCP server, if necessary.
- Select Network > Interfaces.
The Network Interfaces page appears.
- Click Properties.
- Select the DHCP Settings tab.
- From the drop-down list, select DHCP Relay.
- In the DHCP Server text box, type the IP address of a DHCP server and click Add.
- Repeat the previous step to add the IP addresses of up to three DHCP servers.
- At the top of the page, click Back.
- Click Save.
- Select Network > Configuration.
The Network Configuration dialog box appears.
- If your device is not already configured in drop-in mode, from the Configure Interfaces in drop-down list select Drop-In Mode.
- Select Use DHCP Relay.
- Type the IP address of a DHCP server in the related field and click Add.
- Repeat this step to add the IP addresses of up to three DHCP servers.
- Click OK.
- Save the Configuration File.
Specify DHCP Settings for a Single Interface
You can specify different DHCP settings for each trusted or optional interface in your configuration.
- On the Network > Interfaces page, select an interface.
- Click Edit.
- To use the same DHCP settings that you configured for drop-in mode, select Use System DHCP Settings.
To disable DHCP for clients on that network interface, select Disable DHCP.
To enable a different DHCP server for clients on a secondary network, select Use DHCP Server for Secondary Network. Configure the DHCP server settings and options as described in the Use DHCP and Configure DHCP Options sections above.
To configure DHCP relay for clients on a secondary network, select Use DHCP Relay for Secondary Network. Specify up to three IP addresses of DHCP servers to use for the secondary network.
- Click OK.
- Select Network > Configuration.
The Network Configuration dialog box appears.
- Scroll to the bottom of the Network Configuration dialog box and select an interface.
- Click Configure.
- Update the DHCP settings:
- To use the same DHCP settings that you configured for drop-in mode, select Use System DHCP Setting.
- To disable DHCP for clients on that network interface, select Disable DHCP.
- To configure DHCP relay for clients on a secondary network, select Use DHCP Relay for Secondary Network. Specify the IP address of the DHCP server to use for the secondary network.
- To configure different DHCP options for clients on a secondary network, select Use DHCP Server for Secondary Network. Complete Steps 3–6 of the Use DHCP procedure to add IP address pools, set the default lease time, and manage DNS/WINS servers.
- To configure DHCP options for the secondary network, click DHCP Options.
- Click OK.