How to Configure a DHCP Relay on Palo Alto Networks Firewall

How to Configure a DHCP Relay on Palo Alto Networks Firewall

179164
Created On 09/25/18 17:27 PM - Last Modified 06/15/23 22:06 PM


Symptom


This document describes the steps to configure a DHCP relay on the Palo Alto Networks firewall.

Environment


  • Palo Alto Firewall
  • Supported PAN-OS
  • DHCP Relay


Resolution


The following example scenario will be used in the configuration. Steps are also documented at Configure DHCP relay

Screen Shot 2014-06-23 at 4.39.30 PM.png

 

  1. Configure which interface will be acting as DHCP relay (for example, Trust E1/5)
    • From the Web UI, go to Network > DHCP > DHCP Relay
    • Click Add and configure the IP address of the DHCP server
    • Up to four DHCP Server IP addresses can be configured.
dhcp.JPG
  1. Configure security rules to allow DHCP traffic between zones:
    • Trust to Trust - for client to/from DHCP Relay interface communication (broadcast/unicast)
    • Trust to DMZ - for DHCP Relay interface to/from DHCP Server Communication (unicast)
      Example of a configured security policy:
      Screen Shot 2014-06-23 at 1.12.02 PM.png
  2. Commit


Note: Using a Palo Alto Networks firewall for DHCP relay requires that the DHCP session must symmetrically traverse the firewall

Verification:

Test on a client. For example, a Windows Client:

ipconfig /release
ipconfig /renew
ipconfig /all
 

 

 


Additional Information


Information of DHCP Relay (external link)

Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFXCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language