Fetching IPs for cOS Core IP pool objects from a firewall's own DHCP server

Last modified on 21 Mar, 2023. Revision 7
This article explains how to configure an IP pool object in cOS Core that can fetch IP addresses from the firewall itself. This also includes setting up a local DHCP server that listens and responds to incoming DHCP requests from the firewall.
Up to date for: cOS Core 14.00.09
Supported since: cOS Core 12.00.xx
Status: OK
Peter Nilsson & Johan Forsberg

Setup summary

When configuring, for example, an IKE Config Mode Pool for an IPsec tunnel, the addresses can come from a configured IP Pool object. The purpose of an IP pool is to pre-fetch IP addresses from a DHCP server. This can be an external server, but it can also be a DHCP server configured in the firewall itself. This article goes through the steps needed to use the firewall’s own DHCP server for the IP pool.

The article does not go into the details of configuring, say, an IPsec tunnel using config mode; it focuses only on setting up IP pools with DHCP servers.

Configuring a DHCP server in cOS Core

The DHCP server is created under Network→Network Services→DHCP server. The server needs to be configured to listen on the “Core” interface. The Core interface indicates that requests arrive from within the firewall itself rather than on an actual interface.

Next, we select which IP address pool we want to use and that is the absolute minimum that is need

Configuring an IP Pool

The IP pool object is created under Objects→Address Pool→IP pool.

Since we want to use the firewall itself as the firewall’s DHCP server to fetch IP addresses for the pool, we use the “localhost” address ( object as the server address.

All that remains is to use this IP pool object with, for example, a Config Mode Pool object used by an IPsec tunnel to hand out IP addresses to connecting roaming clients.

Checking IP pool status

To check the status of the IP pool and whether it has been able to fetch any IP addresses from the internal DHCP server, the following CLI command can be used. Example output follows the command:

VSG-14:/> ippool -show

In progress:
0 instances
Free maintained in pool: (00-00-00-00-00-00) (00-00-00-00-00-00) (00-00-00-00-00-00)

Used by subsystems:

In the above output we see that the IP pool has pre-fetched the IP addresses ending with 10, 11 and 12 from the internal DHCP server pool created earlier.

Checking DHCP server pool usage

The DHCP server pool usage can be checked using either the WebUI or the CLI, as shown below.

VSG-14:/> dhcpserver -show -utilization

Utilization of the DHCP-Server ruleset IP pools:
# Source Pool Active clients Utilization
-- ------------ ------------------------- --------------- ---------------
1 core 3 27%

Total active clients: 3
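
The utilization output above can also be checked by a script, so that a pool close to exhaustion (where connecting roaming clients would no longer get an address) is noticed early. The following is an added example, not part of the original article or of cOS Core. The row layout is inferred from the output shown here, the second row and its pool range are constructed sample values, and the 80% threshold is an assumption.

```python
import re

# Constructed sample in the layout printed by "dhcpserver -show -utilization".
# Row 1 is the row from this article; row 2 and its pool range are made up.
SAMPLE = """\
Utilization of the DHCP-Server ruleset IP pools:
# Source Pool Active clients Utilization
-- ------------ ------------------------- --------------- ---------------
1 core 3 27%
2 lan 192.0.2.10-192.0.2.19 9 90%

Total active clients: 12
"""

# index, source interface, optional pool text, active clients, utilization %
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(?:(.*?)\s+)?(\d+)\s+(\d+)%\s*$")
TOTAL = re.compile(r"^Total active clients:\s*(\d+)\s*$")


def parse_utilization(text):
    """Return (rows, reported_total) parsed from the command output."""
    rows, total = [], None
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            idx, source, pool, clients, pct = m.groups()
            rows.append({"rule": int(idx), "source": source, "pool": pool or "",
                         "clients": int(clients), "utilization": int(pct)})
            continue
        m = TOTAL.match(line.strip())
        if m:
            total = int(m.group(1))
    return rows, total


def check_pools(text, warn_at=80):
    """List rules at or above warn_at percent; fail if the parse is incomplete."""
    rows, total = parse_utilization(text)
    # A sum that differs from the reported total means a row was missed.
    if total is None or sum(r["clients"] for r in rows) != total:
        raise ValueError("row client counts do not match the reported total")
    return [r for r in rows if r["utilization"] >= warn_at]


if __name__ == "__main__":
    for r in check_pools(SAMPLE):
        print(f"rule {r['rule']} on {r['source']}: {r['utilization']}% used")
```
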
