This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DHCP server with /29 mask

Hey guys and gals. Thank you for taking time to read this and thanks in advance for any assistance. First post and first time user. I have a basic understanding of firewalls and I've setup an internal, external and DMZ network.

 

On my DMZ network I'd like to use a /29 mask to allow the device to only talk to the gateway. How would I configure the DHCP pool? Can I configure a single pool or would I need to setup a pool for as many devices as I want to connect. 

 

If I need multiple pools, how do the devices talk to the gateway? For example, the first pool would be 0 network, 1 and 2 for addresses (1 being the gateway address already configured) and 3 for broadcast. 

The next pool would be 4 network, 5,6 for addresses and 7 for broadcast. This is what is stumping me. How would the devices in this pool communicate with the gateway? I may be over complicating it but this is where I'm puzzled.

 

How do I configure dhcp pool with a /29 mask on the gateway configuration?  



This thread was automatically locked due to age.
  • So from what I've figured out so far, the best way is to add as many interfaces on the DMZ NIC as I want devices to be able to connect. If I want a pool of 15 addresses, I would add 15 interfaces on the DMZ NIC and create a DHCP pool for each. Can anyone confirm this is the best route to take or is there a simpler solution?

     

    If this is the best route to take, how do I ensure devices cannot talk to each other. Does the subnetting take care of this completely?

  • Hey Mike - welcome to the UTM Community!

    Your descriptions don't sound like what I would recommend.  Normally, I would define three interfaces: Internal, External and DMZ.  For the Internal and DMZ Interfaces, the devices in their Ethernet Segment would use the IP of the interface as their default gateway.

    If you don't have a Windows domain controller or some other way to offer DHCP, you can use the UTM to assign addresses for the subnet on the Internal and DMZ interfaces.  I would go ahead and make both subnets /24.  Note that UTM doesn't use "reservations" like Windows, so you must define the DHCP server with a dynamic range that doesn't overlap with any fixed IPs you want to assign.

    You will also want to consult DNS best practice.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you! This is ultimately what I decided to go with. I have an AD controller inside which also serves DHCP and DNS but didn't want to expose this server to the DMZ so I am using DHCP and DNS served from UTM on the DMZ network.