What happens when a DHCP reservation has DHCP options that conflict with the DHCP options defined at the scope or server level?

data-mc-breadcrumbs-count=6 data-mc-toc=True>

DHCP (Dynamic Host Configuration Protocol) is a method to assign IP addresses automatically to network clients. You can configure your Firebox as a DHCP server for the networks that it protects. If you have a DHCP server, we recommend that you continue to use that server for DHCP.

These DHCP settings apply to trusted, optional, or custom interfaces, and to VLAN, Bridge, and Link Aggregation interfaces in trusted, optional, or custom security zones.

If your Firebox is configured in drop-in mode, the configuration steps are different. To configure DHCP in drop-in mode, see Configure DHCP in Drop-In Mode.

To configure DNS and WINS settings that apply only to an interface, see Configure Per-Interface WINS/DNS.

Configure DHCP for IPv4

To configure DHCP for an interface, from Fireware Web UI:

1. Select Network > Interfaces.
2. Select a trusted, optional, or custom interface. Click Edit.
3. From the drop-down list, select DHCP Server.

1. To change the default lease time for addresses in the DHCP address pool, select a different option in the Lease Time drop-down list.
   This is the time interval that a DHCP client can use an IP address that it receives from the DHCP server. When the lease time is about to expire, the client sends data to the DHCP server to get a new lease.
2. To add a group of IP addresses to assign to users on this interface, in the Address Pool section, click Add.
   The Add Address Range dialog box appears.
3. Specify starting and ending IP addresses on the same subnet, then click OK. The address pool must belong either to the interface’s primary or secondary IP subnet.

   You can configure a maximum of six address ranges. Address groups are used from first to last. Addresses in each group are assigned by number, from lowest to highest.

   
   
4. If necessary, configure per-interface WINS/DNS.
5. To configure predefined or custom DHCP options, see Configure DHCP Options.
6. (Fireware v12.1.1 or higher) By default, the Firebox IP address is the default gateway. To specify a different IP address as the default gateway, select Specify an IP address and type the IP address.

To modify or delete an address pool range:

1. In the Address Pool table select the entry.
2. Click Edit to edit the selected range.
3. Click Remove to remove the selected range.

To configure DHCP for an interface, from Policy Manager:

1. Select Network > Configuration.
2. Select a trusted, optional, or custom interface. Click Configure.
   
3. Select Use DHCP Server.

1. To add a group of IP addresses to assign to users on this interface, in the Address Pool section, click Add.
2. Specify starting and ending IP addresses on the same subnet, then click OK. The address pool must belong either to the interface’s primary or secondary IP subnet.

   You can configure a maximum of six address ranges. Address groups are used from first to last. Addresses in each group are assigned by number, from lowest to highest.

3. To change the default lease time for addresses in the DHCP address pool, select a different option in the Leasing Time drop-down list.
   This is the time interval that a DHCP client can use an IP address that it receives from the DHCP server. When the lease time is about to expire, the client sends data to the DHCP server to get a new lease. 
4. If necessary, configure per-interface WINS/DNS.
5. To configure predefined or custom DHCP options, see Configure DHCP Options.
6. (Fireware v12.1.1 and higher) By default, the Firebox IP address is the default gateway. To specify a different IP address as the default gateway, select Specify and type an IP address.

To modify or delete an address pool range:

1. In the Address Pool table select the entry.
2. Click Edit to edit the selected range.
3. Click Remove to remove the selected range.

Configure DHCP Reservations

You can use DHCP reservations to reserve a specific IP address for a client.

To configure DHCP reservations, from Fireware Web UI:

To reserve a specific IP address for a client:

1. Select Network > Interfaces.
2. Select an interface and click Edit.
3. In the Reserved Addresses section, type a name for the reservation, the IP address you want to reserve, and the MAC address of the client’s network card.

   The DHCP reservation name cannot start or end with a dot (.) or dash (-), and cannot contain an underscore (_).

4. Click Add.

To modify or delete a reservation:

1. In the Reserved Addresses table, select the reservation.
2. Click Edit to edit the selected reservation.
3. Click Remove to remove the selected reservation.

To configure DHCP reservations, from Policy Manager:

To reserve a specific IP address for a client:

1. Select Network > Interfaces.
2. Select an interface and click Edit.
3. In the Reserved Addresses section, click Add.
   
4. Type a name for the reservation, the IP address you want to reserve, and the MAC address of the client’s network card.
   The DHCP reservation name cannot start or end with a dot (.) or dash (-), and cannot contain an underscore (_).

To modify or delete a reservation:

1. In the Reserved Addresses table, select the reservation.
2. Click Edit to edit the selected reservation.
3. Click Remove to remove the selected reservation.

Configure DHCP Options

DHCP options, also known as vendor extensions, enable you to specify DHCP configuration parameters and other control information, as described in RFC 2132. You can add predefined or custom DHCP options.

The predefined DHCP options are:

DHCP option codes 1, 6, 15, 28, 44, 46, and 51 are configured in the DHCP settings or interface configuration. To configure DHCP option 15, which is the domain suffix that DHCP clients use, specify a domain name in network DNS settings. For information about the network DNS settings, see Configure Network DNS and WINS Servers.

Some versions of Fireware OS do not support all the predefined options. If the option code you select requires a specific minimum version of Fireware, a notation appears to the right of the selected code in Policy Manager.

You can add a predefined DHCP option or a custom DHCP option. If you use the same DHCP option code for more than one interface, the Type configured for the option code must be the same on each interface.

To add a predefined DHCP option, from Fireware Web UI:

1. In the DHCP Options list, click Add.

   The Add DHCP Option dialog box appears. Predefined Option is selected by default

1. From the Code drop-down list, select the DHCP option code.

   The Name and Value associated with the code are selected automatically and you cannot edit these.

2. In the Value text box, type the value to assign to this option. It must match the Type for this option. If you specify a double quotation mark, you must preface it with a backslash. For example: ftpservers=\"10.254.252.240,10.255.252.240\",layer2tagging=1,vlanid=252
3. Click OK.

To add a predefined DHCP option, from Policy Manager:

1. Click DHCP Options.
   The DHCP Options dialog box appears.
2. Click Add.
   The Add DHCP Option dialog box appears. Predefined Option is the default selection.

1. From the Code drop-down list, select the DHCP option code.
   The Name and Value associated with the code are selected automatically and you cannot edit these.
2. In the Value text box, type the value to assign to this option. It must match the Type for this option. If you specify a double quotation mark, you must preface it with a backslash. For example: ftpservers=\"10.254.252.240,10.255.252.240\",layer2tagging=1,vlanid=252
3. Click OK.

If the option required by your vendor is not in the list of predefined options, you can add it as a custom option.

To add a custom DHCP option, from Fireware Web UI:

1. In the DHCP Options list, click Add.
   The Add DHCP Option dialog box appears.

1. Select Custom Option.
2. In the Code text box, type the DHCP option code.
3. In the Name text box, type a name to describe this DHCP option.
4. From the Type drop-down list, select the type of value required by this option.
5. In the Value text box, type the value to assign to this option. It must match the Type you selected. If you specify a double quotation mark, you must preface it with a backslash. For example: ftpservers=\"10.254.252.240,10.255.252.240\",layer2tagging=1,vlanid=252
6. Click OK.

To add a custom DHCP option, from Policy Manager:

1. Click Add.
   The Add DHCP Option dialog box appears.
2. Select Custom Option.

1. In the Code text box, type the DHCP option code.
2. In the Name text box, type a name to describe this DHCP option.
3. From the Type drop-down list, select the type of value required for this option.
4. In the Value text box, type or select the value to assign to this option. It must match the Type you selected. If you specify a double quotation mark, you must preface it with a backslash. For example: ftpservers=\"10.254.252.240,10.255.252.240\",layer2tagging=1,vlanid=252
5. Click OK.

DHCP option codes 1, 6, 15, 28, 44, 46, and 51 are configured in the DHCP settings or interface configuration.

Configure Per-Interface WINS/DNS

By default, when your Firebox is configured as a DHCP server, it gives out the network DNS server and network WINS server configured on the Network > Interfaces > DNS/WINS tab. To specify different information for your Firebox to assign when it gives out IP addresses, you can add a DNS server for the interface.

If the DNSWatch feature is enabled on your Firebox, and enforcement is enabled, DNS queries for external resources are sent to DNSWatch servers in some cases. For more information about DNS server precedence, see About DNS on the Firebox. For more information about DNSWatch, see About WatchGuard DNSWatch.

To configure per-interface WINS/DNS settings, from Fireware Web UI:

1. Select Network > Interfaces.
2. Select an interface and click Edit.
3. Select the DNS/WINS tab.
4. To change the default DNS domain, in the Domain Name text box type a domain name.
5. To create a new DNS server entry, in the DNS Server text box, type an IP address, and click Add.
6. To create a new WINS server entry, in the WINS Server text box, type an IP address and click Add.
7. To remove the selected server from a list, click Remove.

To configure per-interface WINS/DNS settings, from Policy Manager:

1. Select Network > Configuration.
2. Select an interface and click Configure.
3. In the IPv4 tab for an interface, click Configure DNS/WINS servers.
   The Configure DNS/WINS Servers dialog box appears.
4. To change the default DNS domain, type a Domain Name.
5. To create a new DNS or WINS server entry, click Add adjacent to the server type you want, type an IP address, and click OK.
6. To change the IP address of the selected server, click Edit.
7. To remove the selected server from the adjacent list, click Delete.

See Also

Configure DHCP Relay

Configure an IPv6 DHCP Server

Configure Network DNS and WINS Servers

About DNS on the Firebox

© 2022 WatchGuard Technologies, Inc. All rights reserved. WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and other countries. Various other trademarks are held by their respective owners.