General discussion

  • Creator
    Topic
  • #2297704

    DHCP Server on a firewall

    Locked

    by lino767 ·

    What is the benefit and risk of configuring a firewall as DHCP server for internal LAN?

All Comments

  • Author
    Replies
    • #2672139

      Reply To: DHCP Server on a firewall

      by ann777 ·

      In reply to DHCP Server on a firewall

      Benefit (and why most people do this) is that they are able to “share” an ip address that the Internet uses to communicate through. In other words, ip addresses are scarce and expensive… and if there are multiple computers internally that wish to get outside the LAN (to the Internet) then this is often the least expensive route to go.

      There are not really any “risks” per se. You just need to make sure that the static devices (printers or other devices connected directly to the network) are not in the DHCP range given to the firewall/router to hand out (ie. you should assign static ip addresses to these devices and not have those ip’s in the DHCP range).

    • #2670879

      Reply To: DHCP Server on a firewall

      by Anonymous ·

      In reply to DHCP Server on a firewall

      Don’t know what DHCP has to do with “Sharing addresses” as stated in Answer #1, I think he is talking about NAT/PAT.

      Neways, there are really no security risks in putting DHCP anywhere internally, as long as you don’t have more than one server per scope of IPs.

      Tech Forum:
      http://www.bbfree.com/Tech

    • #2670864

      Reply To: DHCP Server on a firewall

      by joshua.stroud ·

      In reply to DHCP Server on a firewall

      I thought that the only way for PCs on a LAN to “share” a public IP address was to connect the LAN to the internet through a proxy server or Firewall/Router using NAT. My understanding of TCP/IP is that DHCP just configures nodes automatically and has nothing to do with sharing anything.

      Anyhow, if you are using a firewall appliance that has NAT and a public IP address, there is no signifigant risk to using it as a DHCP server, provided that your firewall rules prohibit the addresses from being assigned to clients on the WAN side of the firewall (except for VPN clients), and the administration credentials are strong.

      The benefit is that you don’t have to burden one of your servers with the mundane task of having to serve DHCP requests in addition to the service that it already provides, thereby reducing server overhead.

    • #2671527

      Reply To: DHCP Server on a firewall

      by ewgny ·

      In reply to DHCP Server on a firewall

      Most firewalls have very limited capabilities, as far as being able to make reservations, administer scope options etc. So although not being a security risk, you may want to consider setting up a more capable DHCP Server

    • #2672623

      Reply To: DHCP Server on a firewall

      by lino767 ·

      In reply to DHCP Server on a firewall

      This question was closed by the author

Viewing 4 reply threads