Configure DHCP in Drop-In Mode

When you use drop-in mode for network configuration, you can optionally configure the Firebox as a DHCP server for the networks it protects, or make the device act as a DHCP relay agent. If you already have a DHCP server, we recommend that you continue to use that server for DHCP.

Use DHCP

By default, a Firebox configured as a DHCP server gives out the network (global) DNS/WINS server information. For more information about network DNS and WINS servers, go to Configure Network DNS and WINS Servers.

You can also configure DNS and WINS server settings on the DHCP Settings page that override the network DNS/WINS settings.

  1. Select Network > Interfaces.
    The Network Interfaces page appears.
  2. If your device is not already configured in drop-in mode, from the Configure Interfaces in drop-down list select Drop-In Mode.
  3. Click Configure.
    The Interface tab appears.
  4. Select the DHCP Settings tab.
  5. From the drop-down list, select DHCP Server.
    The DHCP configuration settings appear.

Screen shot of DHCP Settings in Drop-in Mode Properties

  1. To change the DHCP lease time, select a different option in the Lease Time drop-down list.
  2. To add an address pool from which your device can give out IP addresses, in the Address Pool section:
    • Click Add.
      The Add Address Range dialog box appears.
    • In the Start IP and End IP text boxes, type a range of IP addresses that are on the same subnet as the drop-in IP address.
      You can configure a maximum of six address pools.
    • Click OK.
      Repeat this step to add more DHCP reservations.
  3. To reserve a specific IP address from an address pool for a device or client, in the Reserved Addresses section:
    • Click Add.
      The Reserve IP by MAC Address dialog box appears.
    • Type the IP Address you want to reserve.
    • Type a Reservation Name to identify the reservation.
    • Type the MAC address for the device.
    • Click OK.
      Repeat this step to add more DHCP reservations.
  4. By default, your Firebox gives out the DNS/WINS server information configured on the Network > Interfaces > DNS/WINS tab when it is configured as a DHCP server. To send different DNS/WINS server information to DHCP clients, configure DNS and WINS server settings on this page.
  5. To configure predefined or custom DHCP options, go to Configure DHCP Options.
  6. (Fireware v12.1.1 or higher) By default, the Firebox IP address is the default gateway. To specify a different IP address as the default gateway, select Specify an IP address and type an IP address.
  7. At the top of the page, click Back.
  8. Click Save.
  1. Select Network > Configuration.
    The Network Configuration dialog box appears.
  2. If your Firebox is not already configured in drop-in mode, from the Configure Interfaces in drop-down list select Drop-In Mode.

Network Configuration dialog box, showing drop-in mode with DHCP

  1. Select Use DHCP Server.
  2. To add an address pool from which your Firebox can give out IP addresses, click Add next to the Address Pool box and specify starting and ending IP addresses that are on the same subnet as the drop-in IP address.
    Do not include the drop-in IP address in the address pool. Click OK.
    You can configure a maximum of six address ranges.
  3. To reserve a specific IP address from an address pool for a device or client, adjacent to the Reserved Addresses list, click Add. Type a name to identify the reservation, the IP address you want to reserve, and the MAC address for the device. Click OK.
  4. In the Leasing Time drop-down list, select the maximum amount of time that a DHCP client can use an IP address.
  5. By default, your Firebox gives out the DNS/WINS server information configured on the Network Configuration > WINS/DNS tab when it is configured as a DHCP server. To send different DNS/WINS server information to DHCP clients, click the Configure DNS/WINS servers button.
  6. To configure predefined or custom DHCP options, go to Configure DHCP Options.
  7. (Fireware v12.1.1 or higher) By default, the Firebox IP address is the default gateway. To specify a different IP address as the default gateway, select Specify and type an IP address.
  8. Click OK.
  9. Save the Configuration File.

Configure DHCP Options

DHCP options, also known as vendor extensions, enable you to specify DHCP configuration parameters and other control information, as described in RFC 2132. You can add predefined or custom DHCP options.

The predefined DHCP options are:

DHCP Option Code Name Type Description
150 TFTP Server IP IP address(es) The IP address of the TFTP server where the DHCP client can download the boot configuration.
66 TFTP Server Name Text The name of the TFTP server where the DHCP client can download the boot configuration.
67 TFTP Boot Filename Text The name of the boot file.
2 (deprecated) Time Offset 4 byte integer Time offset in seconds from Coordinated Universal Time (UTC). Option 2 is deprecated. We recommend that you add a custom DHCP option and specify code 100 or 101. These options are described in RFC 4833.
43 Vendor specific information Text This option is used by clients and servers to exchange vendor-specific information.
120 SIP Servers IP address(es) IPv4 addresses of one or more Session Initiation Protocol (SIP) outbound proxy servers. This option is described in RFC 3361.
138 CAPWAP Access Controller IP address(es) IPv4 addresses of one or more CAPWAP Access controllers. This option is described in RFC 5417.
156 DHCP State 1 byte integer (Unsigned) State of the IP address. This option is used by ShoreTel phones for an FTP boot option.

DHCP option codes 1, 3, 6, 15, 28, 44, 46, and 51 are configured in the DHCP settings or interface configuration. To configure DHCP option 15, which is the domain suffix that DHCP clients use, specify a domain name in network DNS settings. For information about the network DNS settings, go to Configure Network DNS and WINS Servers.

Some versions of Fireware OS do not support all the predefined options. If the option code you select requires a specific minimum version of Fireware, a notation appears to the right of the selected code in Policy Manager.

Add DHCP Options

You can add predefined or custom DHCP options.

  1. In the DHCP Options list, click Add.
    The Add DHCP Option dialog box appears. Predefined Option is selected by default

Screen shot of the Add DHCP Option dialog box for a Predefined Option

  1. From the Code drop-down list, select the DHCP option code.
    The Name and Value associated with the code are selected automatically and you cannot edit these.
  2. In the Value text box, type the value to assign to this option. It must match the Type for this option.
  3. Click OK.
  1. Click DHCP Options.
  2. Click Add.
    The Add DHCP Option dialog box appears. Predefined Option is selected by default

Screen shot of the Add DHCP Option dialog box for a Predefined Option

  1. From the Code drop-down list, select the DHCP option code.
    The Name and Value associated with the code are selected automatically and you cannot edit these.
  2. In the Value text box, type the value to assign to this option. It must match the Type for this option.
  3. Click OK.

If the option required by your vendor is not in the list of predefined options, you can add it as a custom option.

  1. In the DHCP Options list, click Add.
    The Add DHCP Option dialog box appears.

Screen shot of the Add DHCP Option dialog box for a Custom Option

  1. Select Custom Option.
  2. In the Code text box, type the DHCP option code.
  3. In the Name text box, type a name to describe this DHCP option.
  4. From the Type drop-down list, select the type of value required by this option.
  5. In the Value text box, type or select the value to assign to this option. It must match the Type you selected.
  6. Click OK.
  1. Click Add.
    The Add DHCP Option dialog box appears.
  2. Select Custom Option.

Screen shot of the Add DHCP Option dialog box for a Custom Option

  1. In the Code text box, type the DHCP option code.
  2. In the Name text box, type a name to describe this DHCP option.
  3. From the Type drop-down list, select the type of value required by this option.
  4. In the Value text box, type or select the value to assign to this option. It must match the Type you selected.
  5. Click OK.

If you use the same DHCP option code for more than one interface, the Type must be the same on each interface.

Use DHCP Relay

One way to assign IP addresses to computers on the trusted or optional networks is to use a DHCP server on a separate network. With this feature, the Firebox sends DHCP requests to the IP address of up to three DHCP servers you specify.

Make sure to Add a Static Route to each DHCP server, if necessary.

  1. Select Network > Interfaces.
    The Network Interfaces page appears.
  2. Click Properties.
  3. Select the DHCP Settings tab.
  4. From the drop-down list, select DHCP Relay.

Use DHCP Relay drop-down list

  1. In the DHCP Server text box, type the IP address of a DHCP server and click Add.
  2. Repeat the previous step to add the IP addresses of up to three DHCP servers.
  3. At the top of the page, click Back.
  4. Click Save.
  1. Select Network > Configuration.
    The Network Configuration dialog box appears.
  2. If your device is not already configured in drop-in mode, from the Configure Interfaces in drop-down list select Drop-In Mode.
  3. Select Use DHCP Relay.

Network Configuration dialog box, showing drop-in mode with DHCP relay

  1. Type the IP address of a DHCP server in the related field and click Add.
  2. Repeat this step to add the IP addresses of up to three DHCP servers.
  3. Click OK.
  4. Save the Configuration File.

Specify DHCP Settings for a Single Interface 

You can specify different DHCP settings for each trusted or optional interface in your configuration.

  1. On the Network > Interfaces page, select an interface.
  2. Click Edit.
  3. To use the same DHCP settings that you configured for drop-in mode, select Use System DHCP Settings.

To disable DHCP for clients on that network interface, select Disable DHCP.

To enable a different DHCP server for clients on a secondary network, select Use DHCP Server for Secondary Network. Configure the DHCP server settings and options as described in the Use DHCP and Configure DHCP Options sections above.

To configure DHCP relay for clients on a secondary network, select Use DHCP Relay for Secondary Network. Specify up to three IP addresses of DHCP servers to use for the secondary network.

  1. Click OK.
  1. Select Network > Configuration.
    The Network Configuration dialog box appears.
  2. Scroll to the bottom of the Network Configuration dialog box and select an interface.
  3. Click Configure.
  4. Update the DHCP settings:
  • To use the same DHCP settings that you configured for drop-in mode, select Use System DHCP Setting.
  • To disable DHCP for clients on that network interface, select Disable DHCP.
  • To configure DHCP relay for clients on a secondary network, select Use DHCP Relay for Secondary Network. Specify the IP address of the DHCP server to use for the secondary network.
  • To configure different DHCP options for clients on a secondary network, select Use DHCP Server for Secondary Network. Complete Steps 3–6 of the Use DHCP procedure to add IP address pools, set the default lease time, and manage DNS/WINS servers.
  • To configure DHCP options for the secondary network, click DHCP Options.
  1. Click OK.

Related Topics

Drop-In Mode