For details on cookie usage on our site, read our Privacy Policy
Is it possible to enable DHCP-Server on Management Interface?
- LIVEcommunity
- Discussions
- General Topics
- Re: Is it possible to enable DHCP-Server on Management Interface?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Is it possible to enable DHCP-Server on Management Interface?
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-18-2013 03:24 AM
Hi, I would like to know, if there is a way to enable DHCP-Server on management interface? We are using another interface for management so we could enable DHCP-Server on the dedicated management interface. In case of need we can establish a physical connection between the management interface and a laptop.
- Labels:
-
Configuration
-
Management
-
Set Up
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-02-2013 06:51 AM
Hi, of course there are many ways and workarounds to handle this. The reason for my question is to make it easier for our admins to connect to the device in case of loosing any other connection. (I haven't tried so far, but I think it is possible to deny the access through policy rules??) So, if I could use DHCP on management interface I could easily plug in my notebook and get a new connection without rembering IP-settings on this interface. It is more or less playing around, we will use it without DHCP on management interface.
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-02-2013 07:50 AM
In that case I would setup static ip on the mgmt interface and connect that to your mgmt network and at the same time create a management profile which only allows ssh/https/ping and connect that to a dedicated dataplane interface (like the last one or so) along with setup a dhcp server profile which you attach to the same dedicated dataplane interface.
Dont forget to put this in its own VSYS if possible (along with its own VROUTER).
This way your technician(s) can use either the dedicated mgmt-network OR connect directly to the PA device on the last dataplane interface (or which one you choose) by DHCP.
Another method is to simply use static ip on the mgmt dataplane interface (along with VSYS and VROUTER) - this way your technician(s) knows that last interface always uses 10.0.0.1/24 (or whatever) and is for mgmt being directly attached when you have physical access to the box.
The point of VSYS/VROUTER is to isolate it as much as possible from the other dataplane interfaces.
- PA-850 Management port in Next-Generation Firewall Discussions
- DNS resolution for management interface not working after upgrade to 10.2.3 in Next-Generation Firewall Discussions
- Question about Management Interface in General Topics
- DHCP WAN nat to loopback interface for restricted management in General Topics
- Check the maximum number of permitted ip addresses in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
