Setup summary
When configuring, for example, an IKE Config Mode Pool for an IPsec tunnel, the addresses can come from a configured IP Pool object. The purpose of an IP pool is to pre-fetch IP addresses from a DHCP server. This DHCP server can be an external server, but it can also be a local DHCP server configured in the firewall itself. This article goes through the steps needed to use the firewall’s own DHCP server for the IP pool.
The article will not go into details about configuring, say, an IPsec tunnel using config mode, but will only focus on the setup of IP pools with DHCP servers.
Configuring a DHCP server in cOS Core
The DHCP server is created under Network→Network Services→DHCP server. The server needs to be configured to listen on the “Core” interface, as shown below. The Core interface indicates that requests are arriving in the firewall itself rather than on an actual interface.
Next, we select which IP address pool we want to use. This is the absolute minimum that is required.
Configuring an IP Pool
The IP pool object is created under Objects→Address Pool→IP pool, as shown in the screenshot below.
Since we want to use the firewall itself as the DHCP server for providing IP addresses to the pool, we use the “localhost” address (127.0.0.1) object as the server address.
All that now remains is to use this IP pool object with, for example, an IPsec tunnel’s Config Mode Pool object to hand out IP addresses to connecting roaming clients.
Checking IP pool status
To check the status of the IP pool, and whether it has been able to fetch any IP addresses from the internal DHCP server, the following CLI command can be used (shown with example output):
VSG-14:/> ippool -show
IP_Pool_DHCP_Local:
In progress:
0 instances
Free maintained in pool:
10.200.200.12/255.255.255.0 (00-00-00-00-00-00)
10.200.200.11/255.255.255.0 (00-00-00-00-00-00)
10.200.200.10/255.255.255.0 (00-00-00-00-00-00)
Used by subsystems:
In the above output we see that the IP pool has pre-fetched the IP addresses ending in 10, 11 and 12 from the internal DHCP server pool created earlier.
Checking DHCP server pool usage
The DHCP server pool usage can be checked using either the WebUI or the CLI, as shown below.
VSG-14:/> dhcpserver -show -utilization
Utilization of the DHCP-Server ruleset IP pools:
#  Source       Pool                      Active clients  Utilization
-- ------------ ------------------------- --------------- ---------------
1  core         10.200.200.10-.20         3               27%
Total active clients: 3
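The two outputs above can be cross-checked against each other, which is useful when monitoring that roaming-client addresses really come from the intended local range. The following Python script is an added example, not part of the original article or of cOS Core; the function names are hypothetical, and it assumes the abbreviated range format shown above and that the IP pool is the only client of the Core DHCP rule.

```python
import ipaddress
import re
# CLI output copied from the article, embedded so the check runs offline.
IPPOOL_OUT = """IP_Pool_DHCP_Local:
In progress:
0 instances
Free maintained in pool:
10.200.200.12/255.255.255.0 (00-00-00-00-00-00)
10.200.200.11/255.255.255.0 (00-00-00-00-00-00)
10.200.200.10/255.255.255.0 (00-00-00-00-00-00)
Used by subsystems:
"""
DHCP_OUT = """# Source Pool Active clients Utilization
-- ------------ ------------------------- --------------- ---------------
1 core 10.200.200.10-.20 3 27%
Total active clients: 3
"""
# Assumption: ranges are abbreviated as on the page (a.b.c.LO-.HI, last octet only).
ROW = re.compile(r"^\s*\d+\s+(\S+)\s+(\d+\.\d+\.\d+)\.(\d+)-\.(\d+)\s+(\d+)\s+(\d+)%", re.M)
LEASE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)/\S+", re.M)

def parse_ippool(text):
    """Addresses listed in `ippool -show` output."""
    return [ipaddress.ip_address(a) for a in LEASE.findall(text)]

def parse_dhcp_rows(text):
    """(source, first, last, active clients, utilization %) per DHCP server rule."""
    return [(src, ipaddress.ip_address(f"{pre}.{lo}"), ipaddress.ip_address(f"{pre}.{hi}"),
             int(active), int(util))
            for src, pre, lo, hi, active, util in ROW.findall(text)]

def check(ippool_text, dhcp_text):
    """Cross-check both outputs; an empty list means they are consistent."""
    leases, findings = parse_ippool(ippool_text), []
    core = [r for r in parse_dhcp_rows(dhcp_text) if r[0] == "core"]
    if not core:
        return ["no DHCP server rule listening on core"]
    for _, first, last, active, util in core:
        size = int(last) - int(first) + 1
        outside = [str(a) for a in leases if not first <= a <= last]
        if outside:
            findings.append(f"leases outside server range: {outside}")
        if len(leases) > active:  # assumes the pool is this rule's only client
            findings.append(f"pool holds {len(leases)} leases, server reports {active}")
        if abs(util - 100 * active / size) > 1:  # tolerate rounding or truncation
            findings.append(f"utilization {util}% does not match {active}/{size}")
    return findings

print(check(IPPOOL_OUT, DHCP_OUT) or "consistent")
```

For the article's output the range 10.200.200.10-.20 holds 11 addresses, so 3 active clients gives the reported 27% and the script prints "consistent".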