How to Configure a DHCP Relay on Palo Alto Networks Firewall
189892
Created On 09/25/18 17:27 PM - Last Modified 10/07/24 17:04 PM
Symptom
This document describes the steps to configure a DHCP relay on the Palo Alto Networks firewall.
Environment
- Palo Alto Networks Firewall.
- Supported PAN-OS.
- DHCP Relay.
Resolution
The following example scenario will be used in the configuration. Steps are also documented at Configure DHCP relay
- Configure which interface will be acting as DHCP relay (for example, Trust E1/5)
- From the Web UI, go to Network > DHCP > DHCP Relay
- Click Add and configure the IP address of the DHCP server
- Up to four DHCP Server IP addresses can be configured.
- Configure security rules to allow DHCP traffic between zones:
- Trust to Trust - for client to/from DHCP Relay interface communication (broadcast/unicast)
- Trust to DMZ - for DHCP Relay interface to/from DHCP Server Communication (unicast)
Example of a configured security policy:
- Commit
Note: Using a Palo Alto Networks firewall for DHCP relay requires that the DHCP session must symmetrically traverse the firewall
Verification:
Test on a client. For example, a Windows Client:
ipconfig /release
ipconfig /renew
ipconfig /all
Additional Information
Information of DHCP Relay (external link)