Fetching IPs for cOS Core IP pool objects from a firewall's own DHCP server
Last modified on 21 Mar, 2023. Revision 7
Up to date for:
cOS Core 14.00.09
cOS Core 12.00.xx
Peter Nilsson & Johan Forsberg
When configuring, for example, an IKE Config Mode Pool for an IPsec tunnel, the addresses can come from a configured IP Pool object. The purpose of an IP pool is to pre-fetch IP addresses from a DHCP server. This DHCP server can be an external server, but it can also be a DHCP server configured in the firewall itself. This article goes through the steps needed to use the firewall’s own DHCP server for the IP pool.
The article will not go into details about configuring, say, an IPsec tunnel using config mode but will only focus on the setup of IP pools with DHCP servers.
Configuring a DHCP server in cOS Core
The DHCP server is created under Network→Network Services→DHCP server. The server needs to be configured to listen on the “Core” interface, as shown below. Using the Core interface indicates that the requests arrive from within the firewall itself rather than on an actual interface.
Next, we select which IP address pool we want to use and that is the absolute minimum that is need
Configuring an IP Pool
The IP pool object is created under Objects→Address Pool→IP pool, as shown below.
Since we want the firewall’s own DHCP server to supply the IP addresses for the pool, we use the “localhost” address (127.0.0.1) object as the server address.
All that remains is to use this IP pool object with, for example, a Config Mode Pool object used by an IPsec tunnel to hand out IP addresses to connecting roaming clients.
Checking IP pool status
To check the status of the IP pool and whether it has been able to fetch any IP addresses from the internal DHCP server, the following CLI command can be used. An example of the resulting output is also shown:
VSG-14:/> ippool -show
Free maintained in pool:
Used by subsystems:
And in the above output we see that the IP pool has pre-fetched the IP addresses ending with 10, 11 and 12 from the internal DHCP server pool created earlier.
Checking DHCP server pool usage
The DHCP server pool usage can be checked using either the WebUI or the CLI, as shown below.
VSG-14:/> dhcpserver -show -utilization
Utilization of the DHCP-Server ruleset IP pools:
#  Source       Pool                      Active clients  Utilization
-- ------------ ------------------------- --------------- ---------------
1  core         10.200.200.10-.20         3               27%
Total active clients: 3
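The following Python sketch is an added example, not part of the original article or of cOS Core itself. It parses the utilization output shown above, expands the range shorthand in the Pool column, and flags rules that are close to exhaustion so the condition is noticed before it affects connecting clients. It assumes the column layout shown above, pools written as a range or a single address, and percentages that are truncated; the function names and the 80% threshold are hypothetical.

```python
import ipaddress
import re

# Constructed sample, following the output format shown in this article.
SAMPLE = """\
Utilization of the DHCP-Server ruleset IP pools:
#  Source       Pool                      Active clients  Utilization
-- ------------ ------------------------- --------------- ---------------
1  core         10.200.200.10-.20         3               27%
Total active clients: 3
"""

ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)%\s*$")

def expand_range(pool):
    """Return (first, last) for '10.200.200.10-.20' shorthand or a single IP."""
    start, _, end = pool.partition("-")
    first = ipaddress.IPv4Address(start)
    if not end:
        return first, first
    if end.startswith("."):
        # Shorthand: the suffix replaces the trailing octets of the start address.
        tail = end[1:].split(".")
        end = ".".join(start.split(".")[: 4 - len(tail)] + tail)
    last = ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError(f"reversed range: {pool}")
    return first, last

def parse_utilization(text):
    """Parse data rows into dicts, computing pool size and free addresses."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator and summary lines
        first, last = expand_range(m.group(3))
        size = int(last) - int(first) + 1
        active = int(m.group(4))
        rows.append({"rule": int(m.group(1)), "source": m.group(2), "size": size,
                     "active": active, "free": size - active,
                     "reported_pct": int(m.group(5)),
                     "computed_pct": 100 * active // size})  # assumes truncation
    return rows

def near_exhaustion(rows, threshold_pct=80):
    """Rule numbers whose computed utilization is at or above the threshold."""
    return [r["rule"] for r in rows if r["computed_pct"] >= threshold_pct]
```

For the sample row, the pool 10.200.200.10-.20 holds 11 addresses, so 3 active clients leave 8 free and give the 27% that the firewall reports.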