Dhcp Relay" Service; Parameters; Listening Interfaces On The Dhcp Relay Service - Stormshield SN series Configuration Manual

Default (hour)
Minimum (hour)
Maximum (hour)

"DHCP relay" service

The "DHCP relay" service contains 2 configuration zones:
Settings This menu allows configuring the DHCP server(s) to which the firewall will relay DHCP
l
requests from client hosts.
Listening interfaces on the DHCP relay service. The network interfaces(s) on which the
l
firewall listens for DHCP client requests.

Parameters

DHCP server(s)
IP address used to
relay DHCP queries
Relay DHCP queries for
all interfaces

Listening interfaces on the DHCP relay service

In this section, indicate:
The network interfaces through which the firewall will receive DHCP client requests.
l
The network interfaces through which the firewall will contact the external DHCP server(s).
l
The DHCP relay service on the firewall can also listen on the interface used by the IPSec VPN in
order to relay DHCP queries through these tunnels.
Listening interfaces must include the interfaces for listening to the client-side query as well as
the interfaces for listening to the server-side response.
The DHCP server has to be configured in such a way that it can distribute IP addresses to clients
that pass through the relay.
Action buttons
Page 95/448
For the purpose of optimizing network resources, IP addresses are assigned for a
limited period. You therefore need to indicate here the default duration for which
hosts will keep the same IP address.
Minimum duration for which hosts will keep the same IP address.
Maximum duration for which hosts will keep the same IP address.
The drop-down list allows selecting a host object or group object containing hosts. The
firewall will relay client requests to this or these DHCP server(s).
The IP address entered as the source in this field will be used for relayed queries.
For example, this option would allow local users to benefit from the automatic
configuration of the IP parameters of a remote DHCP server through an IPSec tunnel.
This address has to belong to the local traffic endpoint in order to be recognized by
the tunnel. This option is only available for a DHCPv4 service and via a VPN tunnel
whose traffic endpoints have been configured in IPv4.
NOTE
This operating mode is only possible with an external DHCPv4 server; the
firewall's DHCP service cannot be used.
NOTE
The tunnel's traffic endpoints have to be configured in IPv4 and the tunnel
endpoints can be defined in either IPv4 or IPv6.
If nothing is entered, the selection of the address will be automatic (selection of the IP
address of the interface in front of the routing).
If this option has been selected, the firewall will listen for DHCP client requests on all
its network interfaces. In this case, the table Listening interfaces on the DHCP relay
service will be grayed out.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
DHCP