The Dynamic Host Configuration Protocol (DHCP) automatically distributes addresses from a defined IP address pool to client computers. It is designed to simplify network configuration on large networks, and to prevent address conflicts. DHCP distributes IP addresses, default gateway information, and DNS configuration information to its clients.
In addition to simplifying the configuration of client computers and allowing mobile computers to move painlessly between networks, DHCP helps to localize and troubleshoot IP address-related problems, as these are mostly issues with the configuration of the DHCP server itself. It also allows for a more effective use of address space, especially when not all computers are active at the same time, as addresses can be distributed as needed and reused when unneeded.
Known to apply to the following Sophos product(s) and version(s): Astaro Security Gateway / Sophos UTM
Operating systems V7, V8, V9
The Network Services > DHCP > Server tab allows you to configure a DHCP server. Sophos UTM Appliance provides the DHCP service for the connected network. The DHCP server can be used to assign basic network parameters to your clients. You can run the DHCP service on multiple interfaces, with each interface having its own configuration set.
To configure a DHCP server, proceed as follows:
The Create New DHCP Server dialog box opens.
Interface: The interface from which the IP addresses should be assigned to the clients. You can only select an already configured interface.
Address type: This option is only available when the IPv6 option is enabled. Select the IP version of the DHCP server.
Range start/end: The IP range to be used as an address pool on that interface. By default, the configured address area of the network card will appear in the text boxes. The range must be inside the network attached to the interface.
DNS server 1/2: The IP addresses of the DNS servers.
Default gateway (only with IPv4): The IP address of the default gateway.
Note – Both wireless access points and RED appliances need the default gateway to be within the same subnet as the interface they are connected to.
Domain (optional): Enter the domain name that will be transmitted to the clients (e.g., intranet.example.com).
Lease time (only with IPv4): Each IP address assigned by the DHCP server expires after a certain interval. The DHCP client automatically tries to renew its lease. If the lease is not renewed during its lease time, the IP address lease expires. Here you can define this interval in seconds. The default is 86400 seconds (one day). The minimum is 600 seconds (10 minutes) and the maximum is 2592000 seconds (one month).
Valid lifetime (only with IPv6): The DHCP client automatically tries to renew its lease. If the lease is not renewed during its valid lifetime, the IP address lease status becomes invalid, the address is removed from the interface, and it may be assigned somewhere else. You can select an interval between 5 minutes and infinity; however, the valid lifetime must be equal to or greater than the preferred lifetime.
Preferred lifetime (only with IPv6): The DHCP client automatically tries to renew its lease. If the lease is not renewed during its preferred lifetime, the IP address lease status becomes deprecated, i.e., it is still valid but will not be used for new connections. You can select an interval between 5 minutes and infinity.
Comment (optional): Add a description or other information.
Clients with static mappings only (optional): Select this option to have the DHCP server assign IP addresses only to clients that have an entry on the Static Mappings tab.
WINS node type (only with IPv4): Windows Internet Naming Service (WINS) is Microsoft's implementation of NetBIOS Name Server (NBNS) on Windows, a name server and service for NetBIOS computer names. A WINS server acts as a database that matches computer names with IP addresses, thus allowing computers using NetBIOS to take advantage of the TCP/IP network. The following WINS node types are available:
WINS server: Depending on your WINS node type selection, this text box appears. Enter the IP address of the WINS server.
Enable HTTP proxy auto configuration: Select this option if you want to provide a PAC file for automatic proxy configuration of browsers. For more information see chapter Web Protection > Web Filtering > Advanced, section Proxy Auto Configuration.
Note – HTTP proxy auto configuration is currently not supported with IPv6 by Microsoft Windows.
The new DHCP server definition appears on the DHCP server list and is immediately active.
To either edit or delete a DHCP server definition, click the corresponding buttons.
The Network Services > DHCP > Relay tab allows you to configure a DHCP relay. The DHCP service is provided by a separate DHCP server and the UTM Appliance works as a relay. The DHCP relay can be used to forward DHCP requests and responses across network segments. You need to specify the DHCP server and a list of interfaces between which DHCP traffic shall be forwarded.
To configure a DHCP relay, proceed as follows:
You can either click the status icon or the Enable button.
The status icon turns amber and the DHCP Relay Configuration area becomes editable.
DHCP requests arriving on these interfaces will be forwarded to the selected DHCP server.
Your settings will be saved.
To cancel the configuration, click Abort Enable or the amber colored status icon.
On the Network Services > DHCP > Static Mappings tab you can create static mappings between client and IP address for some or all clients. For that purpose, you need a configured DHCP server and, depending on the IP version of the DHCP server, the MAC address of the client's network card (with IPv4) or the DHCP Unique Identifier (DUID) of the client (with IPv6).
Note - To avoid an IP address clash between regularly assigned addresses from the DHCP pool and those statically mapped, make sure that the latter are not in the scope of the DHCP pool. For example, a static mapping of 192.168.0.200 could result in two systems receiving the same IP address if the DHCP pool is 192.168.0.100 – 192.168.0.210.
To create a static client/IP address mapping, proceed as follows:
The Create New Mapping dialog box opens.
DHCP server: Enter the DHCP server to be used for static mapping.
MAC address (only with IPv4 DHCP server): Enter the MAC address of the client's network interface card. The MAC addresses are usually specified in a format consisting of six groups of two hexadecimal digits, separated by colons (e.g., 00:04:76:16:EA:62).
DUID address (only with IPv6 DHCP server): Enter the DUID of the client. With e.g. Windows operating systems, it can be found in the Windows Registry:
Please note that you have to enter the groups of two hexadecimal digits separated by colons (e.g., 00:01:00:01:13:30:65:56:00:50:56:b2:07:51).
IPv4 address/IPv6 address: Enter the IP address of the client. The IP address must be within the address range of the network interface card.
3. Click Save.
The new mapping appears on the Static Mappings list.
To either edit or delete a static mapping, click the corresponding buttons.
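The constraints stated above (pool inside the interface network, static mappings inside the network but outside the pool, colon-separated MAC/DUID notation, IPv4 lease time bounds) can be checked offline before entering values in WebAdmin. This is an added example, not Sophos code: the function name, its parameters and the sample data are hypothetical, and it assumes the Clients via DHCP relay agent option is not in use.

```python
import ipaddress
import re

# Notation as described on this page: colon-separated groups of two hex digits.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
DUID_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})+$")

def check_dhcp(network, range_start, range_end, mappings, lease_time=86400):
    """Return a list of findings for one DHCP server definition."""
    # mappings: (client_id, ip) tuples; client_id is a MAC (IPv4) or DUID (IPv6).
    net = ipaddress.ip_network(network)
    start, end = ipaddress.ip_address(range_start), ipaddress.ip_address(range_end)
    id_re = MAC_RE if net.version == 4 else DUID_RE
    findings = []

    if start > end:
        findings.append("range start is above range end")
    if start not in net or end not in net:
        findings.append("pool range is not inside the interface network")
    # Lease time bounds (IPv4 only) as stated on the page.
    if net.version == 4 and not 600 <= lease_time <= 2592000:
        findings.append(f"lease time {lease_time}s outside 600..2592000")

    seen = {}  # address -> first client identifier mapped to it
    for client_id, ip in mappings:
        addr = ipaddress.ip_address(ip)
        if not id_re.match(client_id):
            findings.append(f"{client_id}: malformed client identifier")
        if addr not in net:
            findings.append(f"{ip}: outside the interface network")
        elif start <= addr <= end:
            findings.append(f"{ip}: static mapping inside the DHCP pool")
        if addr in seen:
            findings.append(f"{ip}: also mapped to {seen[addr]}")
        seen.setdefault(addr, client_id)
    return findings

# Constructed sample data; the first mapping is the clash from the note above.
SAMPLE = [
    ("00:04:76:16:EA:62", "192.168.0.200"),
    ("00:04:76:16:EA:63", "192.168.0.20"),
    ("00-04-76-16-EA-64", "192.168.0.21"),
]

if __name__ == "__main__":
    for line in check_dhcp("192.168.0.0/24", "192.168.0.100", "192.168.0.210", SAMPLE):
        print(line)
```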
Using DHCP, a client no longer owns an IP address, but rather leases it from the DHCP server, which gives permission for a client to use the address for a period of time.
The lease table on the Network Services > DHCP > IPv4 Lease Table tab shows the current leases issued by the DHCP server, including information about the start date and the date when the lease will expire.
Add Static Mapping
You can use an existing lease as a template for a new static MAC/IP mapping by using the New Mapping button in the Add Static Mapping column of the table. Do the following:
The dialog window Add Mapping opens.
MAC Address (optional): Change the MAC address only if you want to assign the static mapping to a host different from your selection.
IPv4 Address: Change the IP address to an address outside the DHCP pool range.
Create DNS Mapping (optional): Select the checkbox to automatically create a static DNS mapping for the host (see Network Services > DNS > Static Entries). If you provide a Hostname, this mapping will use it.
Create Network Host Object (optional): Select the checkbox to automatically create a host object (see Definitions & Users > Network Definitions). If you provide a Hostname, this will be the object's name.
Hostname (optional): For convenience, it is recommended that you provide a name for the host. Otherwise the objects will be listed as "[unknown]".
Note - When converting a lease to a static mapping you should change the IP address so that it is no longer inside the scope of the DHCP pool. However, if you change the IP address, the address used by the client will not change immediately, but only the next time it tries to renew its lease.
The lease table on the Network Services > DHCP > IPv6 Lease Table tab shows the current leases issued by the DHCP server, including information about the start date and the date when the lease will expire.
Note – Leases that have been granted via prefix advertisements are not shown in the table.
DUID Address (optional): Change the DUID address only if you want to assign the static mapping to a host different from your selection.
IPv6 Address: Change the IP address to an address outside the DHCP pool range.
Create Network Definition For Host (optional): Select the checkbox to automatically create a network definition for the host object (see Definitions & Users > Network Definitions). If you provide a Hostname, this will be the object's name.
Clients via DHCP relay agent (only with IPv4): If selected, the DHCP server assigns IP addresses to clients which are not in the network of the attached interface. In this case, the address range defined above has to be inside the network where relayed DHCP requests are forwarded from, and not within the network of the attached interface.
Netmask: Select the netmask of the network where relayed DHCP requests are forwarded from.