DHCP Relay allows Kaspersky NGFW to relay DHCP client requests from the local network to one or more external DHCP servers. DHCP Relay is used when the server is located in a different subnet or outside the VRF, which allows you to centrally manage the issuance of network settings. DHCP Option 82 allows adding source interface information to a DHCP request, which the server can use to make decisions.
The following DHCP Relay features are supported by Kaspersky NGFW:
Support of up to four DHCP servers on one interface.
Automatic addition of DHCP Option 82 to relayed DHCP requests.
Determining the path to the DHCP server using routes from the VRF within which a DHCP request was received.
DHCP Relay in Kaspersky NGFW works with the following limitations:
DHCP Relay can only be used on an interface that satisfies the following requirements:
The interface is a data plane interface.
The interface uses a static IP address and at least one IPv4 address must be specified.
DHCP Relay cannot be used on an interface if any of the following is true:
The interface is a dedicated management interface.
The interface is part of a high-availability cluster.
The interface is part of an L2 bridge.
The interface is used for only one DHCP Relay.
DHCP Relay is available only on interfaces in L3 mode.
Manually editing the content of DHCP Option 82 is not supported; all values are generated automatically.
Support within the VRF depends on the parameters of routing and interfaces.
You can manage DHCP Relay on the command line using the dhcp-relay family of commands. For a description of command families for configuring Kaspersky NGFW, see the Managing Kaspersky NGFW using the command line document.