Firebox as a DHCP Server

A WatchGuard Firebox can serve as the DHCP Server in your environment if no other device has that capability or your current server is out of commission. WatchGuard did not cut any corners on the firewall’s ability to hand out, reserve, and manage IP addresses. DHCP is configured at the interface, bridge, or VLAN level, and the settings are very similar across each type. The steps below configure the Firebox as a DHCP Server for an interface:

  • Within Policy Manager, navigate to Network -> Configuration -> Interfaces

    • From here, select ‘Use DHCP Server’

Now you can begin configuring your DHCP Address Pool:

  • Select ‘Add’

  • Now choose a starting address and ending address for your DHCP Range

With this configuration, there are several addresses ready to be leased. This will suffice for everyday computers that do not need to be statically set. For computers that need to be statically set, however, you have the ability to set DHCP Reservations.

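To configure a DHCP Reservation, you need the MAC Address of the device in question. The Firebox uses the MAC Address to identify the device before it hands out the corresponding IP Address. Because the MAC Address is reported by the client itself, treat a reservation as an addressing convenience rather than proof of which device is asking.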

  • Under Reserved Addresses, select ‘Add’

  • Set a Reservation Name

  • Enter the desired static IP Address

  • Enter the MAC Address of the device
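
A pre-flight check for the address pool and reservations before they are entered in Policy Manager, as an added example (not WatchGuard code and not part of the original article). It assumes IPv4; the function names, the sample addresses and MACs, and the rules checked are illustrative assumptions, not Firebox-enforced behavior.

```python
import ipaddress
import re

def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex; raise ValueError if malformed."""
    digits = re.sub(r"[:.\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"malformed MAC address {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def check_plan(interface, pool_start, pool_end, reservations):
    """Return a list of problems in a planned pool and reservation set ([] = clean)."""
    iface = ipaddress.ip_interface(interface)
    net = iface.network
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)

    def usable(addr):
        return addr in net and addr not in (net.network_address, net.broadcast_address)

    problems = []
    if start > end:
        problems.append("pool: starting address is above ending address")
    for label, addr in (("starting", start), ("ending", end)):
        if not usable(addr):
            problems.append(f"pool: {label} address {addr} is not a host in {net}")
    if start <= iface.ip <= end:
        problems.append(f"pool: range includes the interface address {iface.ip}")

    seen = {}  # IP or normalized MAC -> reservation name that claimed it first
    for name, ip, mac in reservations:
        addr = ipaddress.ip_address(ip)
        if not usable(addr) or addr == iface.ip:
            problems.append(f"{name}: {addr} cannot be reserved on {iface}")
        try:
            keys = (str(addr), normalize_mac(mac))
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            keys = (str(addr),)
        for key in keys:
            if key in seen:
                problems.append(f"{name}: {key} is already reserved for {seen[key]}")
            seen.setdefault(key, name)
    return problems

# Constructed sample plan (names, addresses and MACs are made up for illustration).
SAMPLE = [("ftp1", "10.0.1.10", "02:00:00:00:00:01"),
          ("ftp2", "10.0.1.11", "02-00-00-00-00-02")]
```

Normalizing the MAC first means the same device entered once with colons and once with dashes is still caught as a duplicate reservation.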

The final piece for configuring the Firebox as a DHCP Server is to configure DHCP Options. The DHCP Option Codes are listed in their entirety on WatchGuard’s Help Center; refer to that if necessary. To configure DHCP Options, see below:

  • Select DHCP Options

  • Select Add

  • Select the Code necessary for your implementation

  • Enter the Value as the Type mentioned above

In this scenario we would be configuring DHCP Options for our two FTP Servers, which would also have to be added as DHCP Reservations.

To conclude, the Firebox can also be configured to use DHCP Relay, which forwards all DHCP requests received on a particular interface to another IP address. This is useful when you do not want the Firebox to be the DHCP Server and would rather have another device do it. It can be used in a site-to-site VPN infrastructure if the DC at your primary location goes down. Multiple IP addresses can be added to this list if that suits your environment.

  • Select ‘Use DHCP Relay’

  • Enter the IP Address necessary

  • Select ‘Add’

It’s worth noting that, as expected, when certain DHCP configuration types are chosen, others become unavailable. Once you select ‘Use DHCP Relay’ you cannot use that interface, VLAN, etc. as a DHCP Server.

As shown, the Firebox is an incredibly powerful tool for leasing out IP addresses and managing them!