Configuring IPv4 DHCP Relay on Security Gateways

You can configure DHCP Relay on the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. on the Security Gateway in either Gaia PortalClosed Web interface for the Check Point Gaia operating system., or Gaia ClishClosed The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell)..

If the interface is enabled for DHCP relay, you can set up a number of DHCP Servers, to which to forward BOOTP/DHCP requests.

Important:

Configuring IPv4 DHCP Relay in Gaia Portal

  1. With a web browser, connect to GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Portal at:

    https://<IP address of Gaia Management Interface>

    If you changed the default port of Gaia Portal from 443, then you must also enter it (https://<IP address>:<Port>).

  2. From the left navigation tree, click Advanced Routing > DHCP Relay.

  3. Click Add.

  4. Select Enable.

  5. In the Interface field, select the interface, on which you want to enable BOOTP/DHCP Relay.

  6. Optional: Enter values for one or more of these parameters:

    • Primary Address

    • Wait Time

    • Maximum Hops

    Parameter

    Description

    Primary Address

    The IPv4 address to use as the BOOTP/DHCP router address.

    If you enter an IPv4 address, all BOOTP/DHCP requests received on the interface are stamped with this IPv4 address.

    This can be useful on interfaces with multiple IPv4 addresses (aliases).

    Default: First IPv4 address assigned to the interface.

    Wait Time

    The minimum time to wait (in seconds) for a local configuration server to answer the boot request before forwarding the request through the interface.

    This delay provides an opportunity for a local configuration server to reply before attempting to relay to a remote server.

    Set the wait time to a sufficient length to allow the local configuration server to respond before the request is forwarded.

    If no local server is present, set the time to zero (0).

    Range: 1-65535

    Default: 0

    Maximum Hops

    Configures the maximum number of hops for IPv4 BOOTP/DHCP requests.

    The IPv4 DHCP Relay increments the hop count of a BOOTP/DHCP request and then compares it against the maximum hop count. The IPv4 DHCP Relay discards the request if the maximum hop count is exceeded.

    Range: 1-16

    Default: 4

  7. In the Relays section, define the IPv4 address of each relay, to which you want to forward BOOTP/DHCP requests. This can be an IPv4 unicast, multicast, or broadcast address.

    You can configure relay to multiple configuration servers independently on each interface.

    Configuring different servers on different interfaces provides load balancing, while configuring multiple servers on a single interface provides redundancy.

    Note - This IPv4 address cannot be an address that belongs to the local machine.

    For each relay:

    1. Click Add

    2. In the IPv4 address field, enter the IPv4 address of the relay.

    3. Click OK.

  8. Click Save.

  1. From the left navigation tree, click Advanced Routing > DHCP Relay.

  2. Select the interface.

  3. Click Edit.

  4. In the Relays section:

    1. Select the server.

    2. Click Delete.

  5. Click Save.

  1. From the left navigation tree, click Advanced Routing > DHCP Relay.

  2. Select the interface.

  3. Click Delete.

Configuring IPv4 DHCP Relay in Gaia Clish

  • To see the available "set" commands for IPv4 DHCP Relay, enter in Gaia Clish:

    set bootp interface[Esc][Esc]

  • To see the available "show" commands for IPv4 DHCP Relay, enter in Gaia Clish:

    show bootp interface[Esc][Esc]

set bootp interface <Name of Interface>

      maxhopcount {<1-16> | default}

      {off | on}

      primary {<IPv4 Address of Interface> | default} wait-time {<1-65535> | default} on

      relay-to <Destination IPv4 Address> {off | on}

Parameter

Description

<Name of Interface>

Specifies the interface, on which you want to enable IPv4 DHCP Relay.

maxhopcount {<1-16> | default}

Configures the maximum number of hops for IPv4 BOOTP/DHCP requests.

The IPv4 DHCP Relay increments the hop count of a BOOTP/DHCP request and then compares it against the maximum hop count. The IPv4 DHCP Relay discards the request if the maximum hop count is exceeded.

Range: 1-16

Default: 4

{off | on}

Disables (off) or enables (on) BOOTP/DHCP Relay on the specified interface.

primary {<IPv4 Address of Interface> | default}

The IPv4 address to use as the BOOTP/DHCP router address.

If you enter an IPv4 address, all BOOTP/DHCP requests received on the interface are stamped with this IPv4 address.

This can be useful on interfaces with multiple IPv4 addresses (aliases).

Default: First IPv4 address assigned to the interface.

wait-time {<1-65535> | default}

The minimum time to wait (in seconds) for a local configuration server to answer the boot request before forwarding the request through the interface.

This delay provides an opportunity for a local configuration server to reply before attempting to relay to a remote server.

Set the wait time to a sufficient length to allow the local configuration server to respond before the request is forwarded.

If no local server is present, set the time to zero (0).

Range: 1-65535

Default: 0

relay-to <Destination IPv4 Address> {off | on}

Specifies the IPv4 address of each relay, to which you want to forward BOOTP/DHCP requests. This can be an IPv4 unicast, multicast, or broadcast address.

You can configure relay to multiple configuration servers independently on each interface.

Configuring different servers on different interfaces provides load balancing, while configuring multiple servers on a single interface provides redundancy.

Note - This IPv4 address cannot be an address that belongs to the local machine.

  1. Connect to the command line.

  2. Log in to Gaia Clish.

  3. Configure the interface, on which you want to enable IPv4 DHCP Relay:

    set bootp interface <Name of Interface> on

  4. Configure the IPv4 address of each relay, to which you want to forward IPv4 BOOTP/DHCP requests:

    set bootp interface <Name of Interface> relay-to <Destination IPv4 Address> on

  5. Optional: Configure values for one or more of these parameters:

    • Primary Address

    • Wait Time

    • Maximum Hops

    set bootp interface <Name of Interface>

          maxhopcount {<1-16> | default}

          primary {<IPv4 Address of Interface> | default} wait-time {<1-65535> | default} on

  6. Save the configuration:

    save config

  1. Connect to the command line.

  2. Log in to Gaia Clish.

  3. Disable the IPv4 BOOTP/DHCP Relay destination on the interface:

    set bootp interface <Name of Interface> relay-to <Destination IPv4 Address> off

  4. Save the configuration:

    save config

  1. Connect to the command line.

  2. Log in to Gaia Clish.

  3. Disable the IPv4 BOOTP/DHCP Relay on the interface:

    set bootp interface <Name of Interface> off

  4. Save the configuration:

    save config