NG Firewall can either act as a DHCP server itself or can relay incoming DHCP requests to a specified server.
Note about versions: DHCP relay is only available in NG Firewall 17.0 or higher.
DHCP serving and relay are enabled & configured on a per-interface basis. This means you can have one (or more!) interfaces using DHCP, while others rely on statically assigned addresses. This can be useful if you have an interface which only has manually-assigned addresses, such as an interface which hosts only VoIP phones, IoT devices, or other "miscellaneous" network apparatus.
DHCP serving and DHCP relay are mutually exclusive. You cannot enable both on a single interface.
Our Interfaces documentation provides more specific details about the options available in a given interface's configuration: NG Firewall Documentation & FAQ - Interface Configuration
Enabling DHCP serving on an internal interface
Go to Config > Network > Interfaces and click Edit for the internal interface you would like to have act as a DHCP server. Select the DHCP Configuration tab and select the Server option to activate DHCP serving.
Note that only Addressed interfaces can have DHCP enabled; Bridged interfaces cannot themselves be DHCP servers. A bridged interface "inherits" the DHCP server status of its parent, so it will use the same DHCP settings as its parent.
These are the settings available on that tab.
|Range Start||The first IP address available to assign. If your interface IP is .1, it is recommended to use .2 for this value.|
|Range End||The last IP address available. (The highest valid entry is .254, as the subnet's broadcast IP cannot be assigned.)|
|Lease Duration||Determines when a given lease expires and must be re-requested by the client device.|
|Gateway Override||Optional. Use this value if you want to specify a different gateway than the interface IP address.|
|Netmask Override||Optional. Use this value to specify a different gateway netmask to be provided as part of the lease.|
Optional. Use this value to specify up to two different DNS servers, separated by a comma and no space.
If you do not enter an Override here, the NG Firewall will provide its own interface IP as the DNS server.
Note that the range must be within the subnet assigned to the interface itself. For example, if the interface's IP address is 192.168.100.1/24, the interface can only serve DHCP leases in the 192.168.100.x subnet. To increase the allowed size of the DHCP pool, increase the size of the subnet assigned to the interface itself. (For example, a 172.16.0.1/23 network encompasses 172.16.0.0 through 172.16.1.255.)
Configuring DHCP relay on an internal interface
Go to Config > Network > Interfaces and click Edit for the internal interface you would like to have relay DHCP requests. Select the DHCP Configuration tab and select the Relay option to activate DHCP relay.
Enter the IP address of the DHCP server in the Relay Host Address field.