DHCP-Server IPv4

Setting up the DHCP server for an IPv4 network

Last adaptation to the version: 14.1.1 (11.2025)

New:

Neuer Abschnitt Erweiterte Einstellungen bei Pool bearbeiten

The dialog design has been revised

notempty

This article refers to a Beta version

14.1.0 14.0.3 12.6 12.5 12.4 11.8.4 11.7

Prepare IP address ranges

Network configuration UTMuser@firewall.name.fqdnNetwork Network interfaces

For the firewall to function as a DHCP server in a network, a fixed IP from the network range must be configured on the corresponding interface. In this example, IP addresses are assigned in network 192.168.222.0/24. To achieve this, an IP from this network is added to the interface. LAN3 → → IP addresses → In the selection box, enter or select the IP address from the desired network with the desired subnet mask, if applicable. Here 192.168.222.1/24

Set up DHCP server

DHCP

General

Caption	Value	Description	Network configuration UTMuser@firewall.name.fqdnNetwork DHCP-Pools
Enable detailed logging: notempty New	Off	When activated, all DHCP requests are recorded in the syslog
DHCP-Pools DHCP-Pools Multiple DHCP pools can be added. After clicking Add Pool, the setup wizard opens and the DHCP parameters can be specified.
Ignore other SDHCP-Servers:	Off	When activated, other DHCP servers notempty New: IPv4 and IPv6 are ignored
If more than 1000 IP addresses (across all pools together) are required via DHCP, the number of possible leases must be increased. This is done in the menu Extras Advanced Settings Area Extc Variables with the variable MAXLEASES. The value 0 corresponds to the default value of the service: 1000 leases. If more leases are required, the actual value must be entered here. Edit

Step 1: Name and IP range

Step 1 requires the Name for the pool and the valid IP range for the DHCP.
In the example, the following IP addresses are assigned
Pool start address: 192.168.222.150/---
Pool end address: 192.168.222.170/---

Step 2: Nameserver

In step 2, the DNS server for the DHCP clients can be specified.
Either the IP of a public DNS server or the IP of the firewall itself can be entered here. In this example, the clients use the firewall itself as DNS.notempty

In order for the UTM to also answer the DNS queries from the internal network, a corresponding rule is required.

Step 3: Router + Options

In step 3 of the wizard, the default gateway of the DHCP clients is specified.
Caution: Normally, the IP of the firewall is always entered here.notempty

An incorrect entry in this field may prevent access to the Internet!

Edit pool

After the pool has been created correctly, the pool start and end address can be changed and other parameters of the DHCP pool can be set up to be passed to the DHCP client.

General

Edit pool UTMuser@firewall.name.fqdnNetworkNetwork configuration Edit pool general area

Changes to the pool range start and pool range end possible

Options - DHCP Optionen

Option	Option number	Value	Description	Edit pool UTMuser@firewall.name.fqdnNetworkNetwork configuration Edit pool general area
Router:	3	»192.168.222.1	Router configured as in step 3
Domain name:	15	securepoint.local	Name of the domain in which the DHCP leases are assigned
Domain name server:	5	»192.168.222.1	Name server as configured in step 2
Netbios name server:	44		NetBIOS over TCP/IP Name Server Option
SMTP-Server:	69		Simple Mail Transport Protocol (SMTP) Server Option
NTP Server:	41		Servers should be listed in order of preference.
Vendor Encapsulated Options:	43		Values must be given coded.
TFTP Server Name:	66	profile.gigaset.net	The IPv4 address, or the hostname of the TFTP server option tftp-server-name text;
Bootfile Name:	67		The name of the bootfile file option bootfile-name text;
Default URL:	114	https://teamwork.gigaset.com/gigawiki/display/GPPPO/DHCP+option+114	Default URL option default-url string;
VLAN ID:	132		The ID of the VLAN used option vlan-id code 132 = text; option vlan-id "128";
Next Server:			The IPv4 address of the Next server If the value is missing, TFTP may not work.
Default Lease Time:	51	600 Seconds	Default validity period of the IP address if the client has not requested an explicit duration.
Maximal Lease Time:		7200 Seconds	Maximum validity period of the IP address in seconds that the client may receive when explicitly requested.
Reject unknown clients:		No	If activated Yes, an IP address is only assigned if there is a entry at Static DHCP tab for the MAC address of the client. notempty Changed standard behaviourab v12.7: The static lease entry for the DHCP must be in the same pool to be considered known. The static lease entry for the DHCP must be in the same pool to be considered known.

Erweiterte Einstellungen

notempty New as of: 14.1.1
Falls weitere DHCP-Einstellungen vorgenommen werden sollen, kann mittels der Schaltfläche Option hinzufügen in dem sich öffnendem Dialogfenster aus allen 256 möglichen Optionen eine ausgewählt und deren Wert eingegeben werden.			Pool Option hinzufügen UTMuser@firewall.name.fqdnNetworkNetwork configurationEdit pool

Caption	Value	Description	Edit pool UTMuser@firewall.name.fqdnNetworkNetwork configuration Erweiterte Einstellungen mit einer eingestellten DHCP-Option
ID	5	Die ID der DHCP-Option Im Dialogfenster wird beim Hovern beim -Icon deren RFC-Nummer angezeigt
Name	Name Servers	Der Name der DHCP-Option
Value	192.168.222.1	Der Wert der DHCP-Option. Je nach ausgewählter DHCP-Option kann ein anderer Werttyp benötigt werden.

Static DHCP

If hosts are to be assigned predefined IP addresses ( fixed IPs bound to the MAC address, but assigned by the UTM), these IPs can be reserved with static leases:
Configuration under Network Network Configuration Area Static DHCP button Add Lease

Host:	MaxMustermann-Laptop	Meaningful host name	Add lease UTMuser@firewall.name.fqdnNetworkNetwork configuration Dialogue Add lease
Ethernet:	12:34:56:78:90:AB	MAC address of the host
IP:	192.168.222.111/---	IP address to be reserved exclusively for this host
Save and close		Saves and accepts the lease and closes the creation dialogue.

notempty Important: Leases must necessarily be in an existing DHCP pool!			Network configuration UTMuser@firewall.name.fqdnNetwork Static DHCP
notempty Joint use of static and dynamic IP addresses within a pool is possible.

Static leases outside a pool

Existing static leases that are not within a DHCP pool must be changed! If such leases are detected after an update, a message is displayed prompting to adjust the DHCP settings. It ist now possible that either the leases are adapted and relocated in existing pools or additional DHCP pools are created that contain static leases or existing DHCP pools are extended so that they include static leases			Warning at login

Configuration of DHCP-Relay

With the DHCP relay, devices can receive their network configuration dynamically via the network, even if the DHCP server is located in another subnet.

Caption	Value	Description	Network Configuration UTMuser@firewall.name.fqdnNetwork Network configuration DHCP relay overview
activate Debug mode: notempty New as of v12.7.1	Off	Log messages are only written when activated On
DHCP Relay IPv4 DHCP Relay IPv4
DHCP server IP addresses:notempty updated Multiple entries possible	»192.168.178.1	IP addresses of the DHCP server/s The network/s in which the servers are located must be known to the UTM.
DHCP-Relay Client Side Interfaces:	LAN2	Interfaces for which the DHCP server is to be responsible.
DHCP Relay IPv6 DHCP Relay IPv6
DHCP-Relay Server Side Interfaces:	LAN1	Interface behind which a DHCP-v6 server is located.
DHCP-Relay Client Side Interfaces:	LAN2	Interfaces for which a DHCP-v6 server is to be responsible.

Widget

In the administrator interface of the UTM, there is a DHCP widget that provides an overview of the existing DHCP connections.
Further information can be found in the Wiki article UTM Widgets.

Prepare IP address ranges

Set up DHCP server

General

DHCP-Pools

Edit pool

General

Options - DHCP Optionen

Erweiterte Einstellungen

Static DHCP

Static leases outside a pool

Configuration of DHCP-Relay

DHCP Relay IPv4

DHCP Relay IPv6

Widget