It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure an ISP with Dynamic IP Addresses (DHCP)

  • Last updated on

If your ISP assigns the IP address via a DHCP server, configure a DHCP interface on the port the ISP is plugged into. The Barracuda CloudGen Firewall supports up to twelve DHCP connections. You can operate a DHCP connection in active or standby mode. In active mode, the link is automatically brought up during the network activation process. In standby mode, the link is dormant until it is activated by a command line script. For each link, you can configure separate connection details, and routing and monitoring settings.

dhcp_wan-01.png

Before You Begin

Before creating the Internet connection, verify which port you are using to connect to your ISP. This port is subsequently used exclusively for the DHCP connection. No other IP addresses or routes may use it. The port is renamed to dhcp.

Step 1. Create a DHCP Connection

  1. Go to CONFIGURATION > Configuration Tree  > Box > Network.
  2. In the left menu, select xDSL/DHCP.
  3. Click Lock.
  4. Set DHCPv4 Enabled to Yes.
  5. In the DHCPv4 Links table, click + to add an entry.
  6. Enter a Name for the link and click OK. The DHCPv4 Links window opens.
  7. Select the interface the ISP is connected to in the DHCP Interface list. E.g., p2
  8. If you want to use the DNS servers provided by your ISP, set Use Provider DNS to Yes.
    WAN-dhcp-01.png
  9. Click OK.
  10. Click Send Changes and Activate.

Step 2. (optional) Configure Dynamic DNS for the DHCP Link

  1. Go to CONFIGURATION > Configuration Tree  > Box > Network.
  2. In the left menu, select xDSL/DHCP.
  3. Click Lock.
  4. In the DHCPv4 Links table, edit the entry.
  5. (optional) Enable Use Dynamic DNS if you are using a dyndns.org account for dynamic DNS:
  6. Click Set. The Dynamic DNS Params window opens.
  7. Select a dynamic DNS Service Type. For information about available DynDNS service types, see http://dyn.com/dns/.
  8. Enter the Dyn DNS Name that was registered at dyndns.org.
  9. Enter User Access ID and Access Password for accessing the server as defined during registration at dyndns.org.

    Changing the MX setting is not recommended. If required, see www.dyndns.org for detailed information.

  10. Click OK.
  11. Click OK.
  12. Click Send Changes and Activate.

Step 3. (optional) Configure Routing Settings

Configure the routes and routing tables for the DHCP link. Enable Advanced View to change these settings.

  1. Go to CONFIGURATION > Configuration Tree > Box > Network.
  2. In the left menu, select xDSL/DHCP.
  3. In the left Configuration menu, select Switch to Advanced.
  4. Click Lock.
  5. In the DHCPv4 Links table, edit the entry.
  6. In the Routing section,
    • Disable Own Routing Table to route all traffic to the target networks through this DHCP interface, or
    • Enable Own Routing Table to specify which networks should be routed through the interface.
      1. Add the Source Networks (IP/mask notation; for a single host, enter 32 as netmask, e.g. 192.168.0.55/32).
      2. Enable Clone Routes to clone the dynamic routes to the main or default table. This setting is useful for setups where application-based selection (explicit binding in a firewall rule) of a traffic path is supposed to coexist with link failover (proxy dynamic).
  7. Enable Create Default Route to automatically introduce the default route if it is assigned by the provider.
    • When disabling Create Default Route, specify the Target Networks that will be reachable through the interface. If your route should be set dynamically when the DHCP connection is established, add 0.0.0.0/0 to the Target Networks table.
  8. Select Advertise Route when using dynamic routing protocols such as OSPF/RIP/BGP.
  9. Select Untrusted as the Trust Level.
  10. Specify the route preference number in the Route Metric field if multiple ISP connections are available.
  11. Enable GRE with Assigned IP if you want to create a PPTP server listening on the dynamic IP address.
  12. Click OK.
  13. Click Send Changes and Activate.

Step 4. (optional) Configure Connection Monitoring

The connection is monitored by pinging a remote IP address every 20 seconds. When none of the configured remote reachable IPs answer to two ICMP probes, the connection is either terminated or the routing metric is increased, depending on which Unreachable Action is set. If the connection is terminated, the Barracuda CloudGen Firewall will attempt to connect until the connection is re-established successfully.

  1. Go to CONFIGURATION > Configuration Tree  > Box > Network.
  2. In the left menu, select xDSL/DHCP.
  3. In the left Configuration menu, select Switch to Advanced.
  4. Click Lock.
  5. In the DHCPv4 Links table, edit the entry.
  6. In the Reachable IPs table, add at least one target IP address that will be regularly pinged to monitor the availability of the connection. Target IP addresses must be accessible only via the DHCP connection.
  7. Select the Unreachable Action to be taken if the connection cannot be established. The following options are available:
    • Restart – Restarts the DHCP connection.
    • Increase-Metric – Changes the preference for DHCP routes until the probe succeeds.
  8. Click OK.
  9. Click Send Changes and Activate.

The DHCP link is now listed in DHCPv4 Links table.

Step 5. Activate the Network Changes

You must activate the network changes to bring up the ISP connection with a dynamic IP address.

  1. Go to CONTROL > Box.
  2. In the left menu, expand the Network section and click Activate new network configuration.
  3. Click Failsafe.

Your DHCP connection is now established and the IP address assigned by your ISP is visible on the CONTROL > Network page. All status icons next to the DHCP link are green, indicating an active connection. If the DHCP connection is your primary uplink, the default route uses the connection information from your DHCP interface. If more than one default route is present, the connection with the lowest route metric is used.

dhcp.png

Operating a DHCP Link in Standby Mode

In standby mode, activation and subsequent monitoring of the link must be triggered externally. Standby mode also combines HA setups for HA DHCP connections. In standby mode,

  1. The involved routes are set to pending state, and it is not checked whether they are established.
  2. The configuration is completely run through, but the connection is not established. 

Connections are handled from the command-line interface via a server-side script:

  • Start all DHCP connections – /etc/phion/bin/openxdhcp start &
  • Stop all DHCP connections – /etc/phion/bin/openxdhcp stop &
  • Start an explicit DHCP connection – /etc/phion/bin/openxdhcp start *linkname* &
  • Stop an explicit DHCP connection – /etc/phion/bin/openxdhcp stop *linkname* &