DHCP Relay allows Kaspersky NGFW to relay DHCP client requests from the local network to one or more external DHCP servers. DHCP Relay is used when the server is located in a different subnet or outside the VRF, which allows you to centrally manage the issuance of network settings. DHCP Option 82 allows adding source interface information to a DHCP request, which the server can use to make decisions.
The following DHCP Relay features are suported by Kaspersky NGFW:
Support of up to four DHCP servers on one interface.
Specifying interfaces through which Kaspersky NGFW sends requests to DHCP servers.
Automatic addition of DHCP Option 82 to relayed DHCP requests.
Support for VRF functionality if routing is configured.
DHCP Relay in Kaspersky NGFW works with the following limitations:
DHCP Relay can only be used on an interface that satisfies the following requirements:
The interface is a data plane interface.
The interface uses a static IP address and at least one IPv4 address is specified.
DHCP Relay cannot be used on an interface that has the following roles:
The interface is a dedicated management interface.
The interface is part of a cluster.
The interface is part of an L2 bridge.
The interface is used for only one DHCP Relay.
The maximum number of DHCP Relays on a device is limited by the MaxDHCPRelays parameter.
DHCP Relay is available only on interfaces in L3 mode.
Manually editing the content of DHCP Option 82 is not supported; all values are generated automatically.
Support within the VRF depends on the parameters of routing and interfaces.
You can manage DHCP Relay on the command line using the dhcp-relay family of commands. For a description of command families and a link to the complete list of Kaspersky NGFW configuration commands, see the Managing Kaspersky NGFW using the command line document.