Fetching IPs for cOS Core IP pools from a firewall's own DHCP server

Last modified on 24 Mar, 2023. Revision 10
This article explains how to configure an IP pool object in cOS Core that can fetch IPv4 addresses from the firewall itself. This involves setting up a local DHCP server in cOS Core that listens and responds to incoming DHCP requests from the IP pool.
Up to date for: cOS Core 14.00.09
Supported since: cOS Core 12.00.xx
Status: OK
Author: Peter Nilsson & Johan Forsberg


Setup summary

When configuring, for example, an IKE Config Mode Pool for an IPsec tunnel, the addresses can come from a configured IP Pool object. The purpose of an IP pool is to pre-fetch IP addresses from a DHCP server. This DHCP server can be an external server, but it can also be a local DHCP server configured in the firewall itself. This article goes through the steps needed to use the firewall’s own DHCP server for the IP pool.

The article will not go into details about configuring, say, an IPsec tunnel using config mode, but will only focus on the setup of IP pools with DHCP servers.

Configuring a DHCP server in cOS Core

The DHCP server is created under Network→Network Services→DHCP server. The server needs to be configured to listen on the “Core” interface. The Core interface indicates that requests arrive in the firewall itself rather than on an actual interface.

Next, we select which IP address pool the server should use. This is the absolute minimum configuration that is required.

Configuring an IP Pool

The IP pool object is created under Objects→Address Pool→IP pool.

Since we want to use the firewall itself as the DHCP server for providing IP addresses to the pool, we use the “localhost” address (127.0.0.1) object as the server address.

All that now remains is to use this IP pool object with, for example, an IPsec tunnel’s Config Mode Pool object to hand out IP addresses to connecting roaming clients.

Checking IP pool status

To check the status of the IP pool, and whether it has been able to fetch any IP addresses from the internal DHCP server, the following CLI command can be used (shown with example output):

VSG-14:/> ippool -show

IP_Pool_DHCP_Local:
In progress:
0 instances
Free maintained in pool:
10.200.200.12/255.255.255.0 (00-00-00-00-00-00)
10.200.200.11/255.255.255.0 (00-00-00-00-00-00)
10.200.200.10/255.255.255.0 (00-00-00-00-00-00)

Used by subsystems:

In the above output we see that the IP pool has pre-fetched the IP addresses ending with 10, 11 and 12 from the internal DHCP server pool created earlier.

Checking DHCP server pool usage

The DHCP server pool usage can be checked using either the WebUI or the CLI, as shown below.

VSG-14:/> dhcpserver -show -utilization

Utilization of the DHCP-Server ruleset IP pools:
#  Source       Pool                      Active clients  Utilization
-- ------------ ------------------------- --------------- ---------------
1  core         10.200.200.10-.20         3               27%

Total active clients: 3
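
As an added example (not part of the original article and not Clavister tooling), the following Python script parses the two CLI outputs shown above and checks that every address held by the IP pool lies inside the range the local DHCP server hands out. The function names are hypothetical, and the range parser assumes the "a.b.c.d-.e" shorthand seen in the sample row.

```python
import ipaddress
import re

# Sample outputs copied from the article above (whitespace normalised).
IPPOOL_SHOW = """\
IP_Pool_DHCP_Local:
In progress:
0 instances
Free maintained in pool:
10.200.200.12/255.255.255.0 (00-00-00-00-00-00)
10.200.200.11/255.255.255.0 (00-00-00-00-00-00)
10.200.200.10/255.255.255.0 (00-00-00-00-00-00)

Used by subsystems:
"""
UTILIZATION = "1 core 10.200.200.10-.20 3 27%"

LEASE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)/(\d+\.\d+\.\d+\.\d+)\s+\(")

def parse_ippool(text):
    """Return {heading: [IPv4Interface, ...]} for one pool's 'ippool -show' block."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = LEASE.match(line)
        if m and current:
            sections[current].append(ipaddress.ip_interface("/".join(m.groups())))
        elif line.endswith(":"):
            current = line[:-1]          # pool name or section heading
            sections[current] = []
    return sections

def parse_utilization(row):
    """Expand the 'a.b.c.d-.e' shorthand (assumed format) and return pool statistics."""
    _, source, rng, active, pct = row.split()
    first, last_octet = rng.split("-.")
    start = ipaddress.ip_address(first)
    end = ipaddress.ip_address(first.rsplit(".", 1)[0] + "." + last_octet)
    return {"source": source, "start": start, "end": end,
            "size": int(end) - int(start) + 1,
            "active": int(active), "percent": int(pct.rstrip("%"))}

def stray_leases(pool, util):
    """Addresses held by the IP pool that fall outside the DHCP server's range."""
    held = [iface.ip for leases in pool.values() for iface in leases]
    return [ip for ip in held if not util["start"] <= ip <= util["end"]]
```

On the sample data the server range expands to 11 addresses, so 3 active clients gives the 27% shown, and no pre-fetched address falls outside the range.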


