DHCP Server on a firewall

By Lino767 ·
What is the benefit and risk of configuring a firewall as DHCP server for internal LAN?

by Ann777 In reply to DHCP Server on a firewall

Benefit (and why most people do this) is that they are able to "share" an IP address that the Internet uses to communicate through. In other words, IP addresses are scarce and expensive... and if there are multiple computers internally that wish to get outside the LAN (to the Internet) then this is often the least expensive route to go.

There are not really any "risks" per se. You just need to make sure that the static devices (printers or other devices connected directly to the network) are not in the DHCP range given to the firewall/router to hand out (i.e., you should assign static IP addresses to these devices and not have those IPs in the DHCP range).

by Lino767 In reply to

Poster rated this answer.

by -Q-240248 In reply to DHCP Server on a firewall

Don't know what DHCP has to do with "Sharing addresses" as stated in Answer #1; I think he is talking about NAT/PAT.

Anyways, there are really no security risks in putting DHCP anywhere internally, as long as you don't have more than one server per scope of IPs.

Tech Forum:
www.bbfree.com/Tech

by Lino767 In reply to

Poster rated this answer.
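The two configuration conditions raised in the answers above (static devices kept out of the DHCP range, and no more than one server handing out the same scope) can be checked mechanically. The following is an added example, not code from any poster in this thread; the server names, host names and addresses are constructed sample data.

```python
import ipaddress
from itertools import combinations

def to_range(first, last):
    """Return an inclusive (first, last) pair of IP address objects."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"range start {lo} is above range end {hi}")
    return lo, hi

def audit_dhcp(scopes, static_hosts):
    """scopes: {server_name: [(first, last), ...]}; static_hosts: {name: ip}.
    Returns a sorted list of human-readable findings (empty if clean)."""
    pools = [(srv, *to_range(a, b)) for srv, ranges in scopes.items() for a, b in ranges]
    findings = []
    # Statically addressed devices must sit outside every dynamic pool,
    # otherwise the server can lease an address that is already in use.
    for host, ip in static_hosts.items():
        addr = ipaddress.ip_address(ip)
        for srv, lo, hi in pools:
            if lo <= addr <= hi:
                findings.append(f"static {host} ({addr}) is inside pool {lo}-{hi} on {srv}")
    # Two different servers must not hand out the same addresses.
    for (s1, lo1, hi1), (s2, lo2, hi2) in combinations(pools, 2):
        if s1 != s2 and lo1 <= hi2 and lo2 <= hi1:
            findings.append(f"{s1} and {s2} overlap on {max(lo1, lo2)}-{min(hi1, hi2)}")
    return sorted(findings)

# Constructed sample data: a firewall and a second server both serving DHCP.
SCOPES = {
    "firewall": [("192.168.1.100", "192.168.1.200")],
    "fileserver": [("192.168.1.150", "192.168.1.250")],
}
STATIC = {"printer": "192.168.1.120", "nas": "192.168.1.10"}

if __name__ == "__main__":
    for line in audit_dhcp(SCOPES, STATIC):
        print(line)
```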

by joshua.stroud In reply to DHCP Server on a firewall

I thought that the only way for PCs on a LAN to "share" a public IP address was to connect the LAN to the internet through a proxy server or Firewall/Router using NAT. My understanding of TCP/IP is that DHCP just configures nodes automatically and has nothing to do with sharing anything.

Anyhow, if you are using a firewall appliance that has NAT and a public IP address, there is no significant risk to using it as a DHCP server, provided that your firewall rules prohibit the addresses from being assigned to clients on the WAN side of the firewall (except for VPN clients), and the administration credentials are strong.

The benefit is that you don't have to burden one of your servers with the mundane task of having to serve DHCP requests in addition to the service that it already provides, thereby reducing server overhead.

by Lino767 In reply to

Poster rated this answer.

by ewgny In reply to DHCP Server on a firewall

Most firewalls have very limited capabilities, as far as being able to make reservations, administer scope options etc. So although not being a security risk, you may want to consider setting up a more capable DHCP Server.

by ewgny In reply to

limited "DHCP" capabilities

by Lino767 In reply to

Poster rated this answer.

by Lino767 In reply to DHCP Server on a firewall

This question was closed by the author
