Vsys DHCP Enhancement Overview

Dynamic Host Configuration Protocol (DHCP) was designed to reduce the demands on network administrators by automatically assigning the TCP/IP settings for the hosts on a network. Instead of requiring administrators to assign, configure, track, and change (when necessary) all the TCP/IP settings for every machine on a network, DHCP does it all automatically. Furthermore, DHCP ensures that duplicate addresses are not used, reassigns unused addresses, and automatically assigns IP addresses appropriate for the subnet on which a host is connected.

NSM allows you to configure DHCP message relay from one or multiple DHCP servers to clients within a virtual system (vsys). You can configure DHCP message relay on an interface that is available to a virtual system.

If you have two DHCP servers, server 1 and server 2, a security device, sitting between the DHCP servers and a client, individually passes DHCP requests to each DHCP server on different outgoing interfaces. As each DHCP reply is received, the security device passes them to the root vsys and then forwards them to the appropriate DHCP client within a vsys.

To configure DHCP with vsys:

  1. Create a vsys.
  2. Enable DHCP for that vsys.
  3. Configure a static route to allow the DHCP server in the root system to access the vsys.
  4. Set security policies in the vsys.

For more details on DHCP server configuration and settings, see the Concepts & Examples ScreenOS Reference Guide.

Related Documentation