Using a TZ400 firewall as a local site's DHCP server.
We are using a TZ400 as a local DHCP server at all of our remote locations. The TZ400 is configured to use the following scope: issue IP addresses in this range: 192.168.XXX.130 to 192.168.XXX.210. Gateway is: 192.168.XXX.1. DNS is 192.168.XXX.1 and/or 192.168.0.8 or 10.2.10.82. The X's in the 3rd octet represent the remote location ID. For example: 192.168.1.1 = remote location 1, 192.168.02.1 = remote location 2, 192.168.12.1 = remote location 12, etc. The issue is this: when a client connects to the network at the remote location, the IP address the client receives is from the corp office and not the remote site. To make matters even weirder, if the client at the remote site obtains an IP address from the corp office and the IP address is already in use, I don't get any IP conflict issue. I have compared the settings with a few of the remote sites and nothing sticks out as being different or unusual. Any thoughts?
Answers
@MIS_ShopperWorld Sounds to me like you have DHCP over VPN set up for your remote locations, or an IP helper policy directing DHCP requests to your 'corp office' DHCP server. Check settings under VPN \ DHCP over VPN, and Network \ IP Helper.
I would recommend against using the TZ400 IP address as a DNS server; all DNS should be going to your 'corporate' DNS server.
Hope that helps.
Hi @MIS_SHOPPERWORLD,
Thank you for visiting SonicWall Community.
How exactly are your clients connecting to remote locations? Please let me know if it's via GVC or SSLVPN. Should the clients always get an IP address only from the remote office to which they connect?
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
The remote clients are located at the remote locations. The clients do not use either GVC or SSL VPN. They are placed directly on the network connected to a switch and the switch is connected to the TZ400.
I confirmed IP helper is not enabled. As for DHCP over VPN, there are no current DHCP leases over VPN and no options are configured. The option displayed is "Central Gateway". Am I supposed to configure any of these options? I do not want the DHCP clients going outside of the local SonicWall for any IP addresses.
Hi @MIS_SHOPPERWORLD,
Thanks for your answers.
Are these Corp and Remote sites interconnected via VPN or any routing (Static or Dynamic)? The issue sounds weird. We may need to work on this in real-time to find the root cause.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
@MIS_ShopperWorld Let's break it down.
How are the remote locations connected to the corporate office: site-to-site VPN, fiber, other? What is the IP subnet of the corporate office?
Since you do NOT want DHCP coming from the corporate office, do not use IP Helper or DHCP over VPN options. In VPN \ DHCP Over VPN, click the configure button and verify no options are enabled. Ensure the TZ400's DHCP Server is enabled, and you have a Dynamic scope configured on the correct interface.
Some tests:
Break/disable the connection to the corporate office temporarily. Do clients get a DHCP address from the TZ400?
If you cannot break the corporate connection: Configure a new Zone, configure a physical interface in that zone with a completely unique IP subnet, then create a DHCP Dynamic scope for that new interface and IP subnet. If you connect a device to that interface, it should receive a DHCP address from the SonicWall.
Let us know.
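
Added example, not part of the thread and not SonicWall code: a way to tell which server issued a lease during the tests above, by reading the server identifier (option 54) from a DHCP reply payload captured on the client and comparing it with the site scheme from the question. It assumes the TZ400 LAN address is 192.168.<site>.1; the function names and both sample replies are constructed for illustration, and the corporate addresses are placeholders because the thread does not give the corporate subnet.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header

def parse_reply(payload):
    """Return the offered address (yiaddr) and the options of a DHCP reply."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return ipaddress.IPv4Address(payload[16:20]), opts

def check_reply(site_id, payload):
    """Compare a reply with the site scheme from the question; return findings."""
    firewall = ipaddress.IPv4Address(f"192.168.{site_id}.1")  # assumed TZ400 LAN IP
    low, high = firewall + 129, firewall + 209                # .130 to .210
    yiaddr, opts = parse_reply(payload)
    findings = []
    server = opts.get(54)                                     # option 54: server identifier
    if server is None or len(server) != 4:
        findings.append("no server identifier (option 54)")
    elif ipaddress.IPv4Address(server) != firewall:
        findings.append(f"lease issued by {ipaddress.IPv4Address(server)}, not {firewall}")
    if not low <= yiaddr <= high:
        findings.append(f"offered {yiaddr} is outside {low}-{high}")
    router = opts.get(3, b"")[:4]                             # option 3: first router listed
    if len(router) != 4 or ipaddress.IPv4Address(router) != firewall:
        findings.append("router option is not the site gateway")
    return findings

def build_reply(yiaddr, server, router):
    """Constructed sample: minimal DHCPOFFER carrying options 53, 54 and 3."""
    head = bytearray(236)
    head[0] = 2                                               # op = BOOTREPLY
    head[16:20] = ipaddress.IPv4Address(yiaddr).packed
    opts = b"\x35\x01\x02"                                    # option 53 = DHCPOFFER
    for code, addr in ((54, server), (3, router)):
        opts += bytes([code, 4]) + ipaddress.IPv4Address(addr).packed
    return bytes(head) + MAGIC + opts + b"\xff"

LOCAL = build_reply("192.168.12.150", "192.168.12.1", "192.168.12.1")  # constructed
CORP = build_reply("192.168.0.57", "192.168.0.5", "192.168.0.1")       # constructed placeholders
```

An empty list from `check_reply(12, payload)` means the site 12 firewall issued the lease; any finding names the field that points away from it.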