Use DHCP relay with GlobalProtect


L3 Networker

Hi,

I've been doing some research on the option of using DHCP relay on Palo Alto for all the GlobalProtect gateways, and it's not clear to me if it's possible or not.

The thing is, we want to enable Secure DNS records registration for the GlobalProtect IP network pools, but because currently the Palo Altos are the ones providing the IP, instead of doing DHCP relay to our internal DHCP servers, we can't enable it.

Accepted Solutions

L4 Transporter

I don't think GP supports giving addresses to clients via DHCP.  When clients connect to the gateway, they're forming a point-to-point tunnel.  This tunnel has an IP address and a subnet mask of 255.255.255.255 that the client uses to identify the tunnel, and the tunnel interface on the firewall may not even have an IP address to use as a default gateway.  It's not quite the same as just handing the client an address, subnet mask, gateway, etc. from DHCP in a traditional layer 3 network.

These forum posts, while older, seem to support this, and I have never seen any documentation about using DHCP instead of IP pools on GP.

https://live.paloaltonetworks.com/t5/general-topics/dhcp-relay-for-globalprotect/td-p/205699
https://live.paloaltonetworks.com/t5/general-topics/global-protect-dhcp-config/td-p/228635
