DHCP relay on an Airwall Gateway

If you have protected devices that use DHCP to obtain an IP address, you can configure the Airwall Gateway to relay their DHCP requests to your DHCP server.

Note: You must have an overlay IP address on the Overlay port group of the Airwall Gateway that has your DHCP clients behind it (10.100.2.1/24 in the diagram below). This overlay IP address should be the default gateway that the DHCP server hands out to the DHCP clients.

Deploy the DHCP server so it routes traffic to DHCP-relay-enabled spokes via the hub Airwall. The DHCP server needs to connect to an Overlay port and the DHCP relay traffic needs to traverse the tunnel to the Spoke Airwall, as shown in the following diagram.



  1. Make sure that the DHCP server is a protected device of the hub Airwall Gateway.
  2. For each Airwall Gateway (Spoke 1 and Spoke 2 in the diagram) that has a DHCP device behind it:
    1. From the Airwalls page, open the Airwall Gateway to which the DHCP client device or devices belong.
    2. On the Ports tab, open the Overlay you are enabling DHCP on.
    3. Under DHCP Settings, click Configure.
    4. Under DHCP Configuration, select DHCP relay.
    5. Set the Upstream DHCP server (for example, 10.0.0.10).
    6. Click Apply.
  3. Add a network object that includes the DHCP scope as a protected device to each Spoke Airwall Gateway. For example, for Spoke 2, add a device with IP Address = 10.100.2.0/24 (this is referred to as a Network Object).
  4. Create an Overlay for the DHCP traffic:
    1. On the Overlays page, select New overlay network. Select Manual, name the Overlay, and select Finish.
    2. On the Devices tab, click the + and add the network object created in step 3 (that is, 10.100.2.0/24) to the Overlay.
      Showing Local devices tab of an Airwall with a network device
    3. Add the DHCP server (10.0.0.10 in the diagram) to the Overlay.
    4. Establish trust between the network object and the DHCP server.
      Overlay adding trust between the network object and DHCP server
Note: The DHCP scope's default gateway (that is, 10.100.2.1) must match the Overlay IP for the port group connected to the DHCP clients. The subnet mask of the DHCP scope must also match the subnet mask of the Overlay IP on that port group.
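
The matching rules in the notes above, together with the network object from step 3, can be checked on paper before any settings are applied. The following is an added example, not part of the Airwall product or its documentation: the function names, the finding codes, and the Spoke 1 values are constructed for illustration, and the Spoke 2 values are the ones used on this page. The last check assumes the page's topology, where the DHCP server sits behind the hub rather than on a spoke's client subnet.

```python
import ipaddress

def check_relay_plan(overlay_ip, scope, scope_gateway, network_object, upstream_server):
    """Return (code, detail) findings for one spoke; an empty list means consistent."""
    overlay = ipaddress.ip_interface(overlay_ip)     # Overlay IP on the client port group
    scope_net = ipaddress.ip_network(scope)          # subnet the DHCP server leases from
    gateway = ipaddress.ip_address(scope_gateway)    # default gateway handed to clients
    net_obj = ipaddress.ip_network(network_object)   # protected device added in step 3
    server = ipaddress.ip_address(upstream_server)   # Upstream DHCP server set on the relay
    findings = []
    if gateway != overlay.ip:
        findings.append(("gateway-mismatch",
                         f"scope gateway {gateway} is not the Overlay IP {overlay.ip}"))
    if scope_net.prefixlen != overlay.network.prefixlen:
        findings.append(("mask-mismatch",
                         f"scope /{scope_net.prefixlen} vs Overlay IP /{overlay.network.prefixlen}"))
    elif scope_net != overlay.network:
        findings.append(("subnet-mismatch",
                         f"scope {scope_net} is not the Overlay subnet {overlay.network}"))
    if not scope_net.subnet_of(net_obj):
        findings.append(("scope-not-covered",
                         f"network object {net_obj} does not include scope {scope_net}"))
    # Assumption from the page's topology: the server is reached through the hub,
    # so it should not sit inside the spoke's client subnet.
    if server in overlay.network:
        findings.append(("server-on-client-subnet",
                         f"upstream server {server} is inside {overlay.network}"))
    return findings

# Spoke 2 uses the addresses from this page; Spoke 1 is a constructed, misconfigured plan.
PLANS = {
    "Spoke 2": dict(overlay_ip="10.100.2.1/24", scope="10.100.2.0/24",
                    scope_gateway="10.100.2.1", network_object="10.100.2.0/24",
                    upstream_server="10.0.0.10"),
    "Spoke 1": dict(overlay_ip="10.100.1.1/24", scope="10.100.1.0/25",
                    scope_gateway="10.100.1.254", network_object="10.100.1.0/25",
                    upstream_server="10.0.0.10"),
}

def audit(plans):
    """Map each spoke name to the list of finding codes for its plan."""
    return {name: [code for code, _ in check_relay_plan(**plan)]
            for name, plan in plans.items()}

if __name__ == "__main__":
    for name, plan in PLANS.items():
        for code, detail in check_relay_plan(**plan) or [("ok", "plan is consistent")]:
            print(f"{name}: {code}: {detail}")
```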