DESCRIPTION:
This article describes how to create a DHCP dynamic lease scope without binding it to any interface of the SonicWall UTM appliance. Such a lease scope can have an IP address range not configured on any interface of the SonicWall. This would be helpful in environments where the administrator requires GVC users to have IP addresses in a separate subnet.
RESOLUTION:
DHCP Configuration in SonicWall
- Login to your SonicWall management page and click Manage tab on top of the page.
- Navigate to Network | DHCP Server settings page, make sure Enable DHCPv4 Server checkbox enabled.
- Click Add Dynamic button under DHCPv4 Server Lease Scopes section to get DHCP Server Configuration window.
- Update correct Range Start & Range End along with Default Gateway (Including subnet mask). Configure a different DHCP range instead of interface assigned subnet.
- Click OK .
NOTE: Do not enable the check box Interface Pre-Populate. - New DHCP Scope will be created as below with interface as N/A.
DHCP over VPN Settings:
- Navigate to Manage tab and go to VPN | DHCP over VPN page.
- Under DHCP over VPN section, Select Central Gateway from drop-down box and click Configure button.
- In DHCP over VPN Configuration Window, enable Use Internal DHCP Server checkbox.
- Enable For Global VPN Client checkbox.
- Relay IP Address (optional): Add one of the IP address under for DHCP over VPN configurations.
- Click OK .
- Following the above configuration, GVC clients will be leased an IP address from the range 192.168.10.x. If VPN Access List is configured, GVC users will be able to access the resource/s added in it.
RESOLUTION FOR SONICOS 6.2 AND BELOW
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
- Login to the SonicWall management GUI.
- Navigate to the Network | DHCP Server.
- Enable check box Enable DHCP Server at the top, if not already checked. Click Accept.
- Click Add Dynamic to bring up the Dynamic Range Configuration window.
- Enable check box Enable this DHCP Scope.
- Enter IP addresses under Range Start and Range End. These IP addresses must not be configured on any interface of the SonicWall.
- Enter Lease Time.
- Enter the Default Gateway (This is optional).
- Enter the Subnet Mask. This must be left blank if Default Gateway is not selected.
NOTE: Do not enable the check box Interface Pre-Populate.
By using the Relay IP Address option with an interface independent DHCP Lease Scope, GVC clients can be served IP Addresses from the dedicated pool above. To use this DHCP scope for GVC clients, perform the following:
- Navigate to the VPN | DHCP over VPN page.
- Click Configure under Central Gateway to bring up the DHCP over VPN Configuration.
- Enable check box Use Internal DHCP Server.
- Enable check box For Global VPN Client.
- Enter an IP address outside the DHCP scope defined above under Relay IP Address.
- Following the above configuration, GVC clients will be leased an IP address from the range 192.168.168.x. If VPN Access List is configured, GVC users will be able to access the resource/s added in it.