NETGEAR UTM5EW-100NAS, STM150EW-100NAS manual Dhcp Server, Dhcp Relay, DNS Proxy, 102

ProSecure Unified Threat Management (UTM) Appliance

DHCP Server

The default VLAN (VLAN 1) has the DHCP server option enabled by default, allowing the UTM to assign IP, DNS server, WINS server, and default gateway addresses to all computers connected to the UTM’s LAN. The assigned default gateway address is the LAN address of the UTM. IP addresses are assigned to the attached computers from a pool of addresses that you need to specify. Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN. When you create a VLAN, the DHCP server option is disabled by default.

For most applications, the default DHCP server and TCP/IP settings of the UTM are satisfactory.

The UTM delivers the following settings to any LAN device that requests DHCP:

•An IP address from the range that you have defined

•Subnet mask

•Gateway IP address (the UTM’s LAN IP address)

•Primary DNS server (the UTM’s LAN IP address)

•WINS server (if you entered a WINS server address in the DHCP Setup screen)

•Lease time (the date obtained and the duration of the lease).

DHCP Relay

DHCP relay options allow you to make the UTM a DHCP relay agent for a VLAN. The DHCP relay agent makes it possible for DHCP broadcast messages to be sent over routers that do not support forwarding of these types of messages. The DHCP relay agent is therefore the routing protocol that enables DHCP clients to obtain IP addresses from a DHCP server on a remote subnet. If you do not configure a DHCP relay agent for a VLAN, its clients can obtain IP addresses only from a DHCP server that is on the same subnet. To enable clients to obtain IP addresses from a DHCP server on a remote subnet, you need to configure the DHCP relay agent on the subnet that contains the remote clients, so that the DHCP relay agent can relay DHCP broadcast messages to your DHCP server.

DNS Proxy

When the DNS proxy option is enabled for a VLAN, the UTM acts as a proxy for all DNS requests and communicates with the ISP’s DNS servers (as configured on the WAN ISP Settings screens). All DHCP clients receive the primary and secondary DNS IP addresses along with the IP address where the DNS proxy is located (that is, the UTM’s LAN IP address). When the DNS proxy option is disabled for a VLAN, all DHCP clients receive the DNS IP addresses of the ISP but without the DNS proxy IP address. A DNS proxy is particularly useful in auto-rollover mode. For example, if the DNS servers for each WAN connection are different servers, then a link failure might render the DNS servers inaccessible. However, when the DNS proxy option is enabled, the DHCP clients can make requests to the UTM, which, in turn, can send those requests to the DNS servers of the active WAN connection. However, disable the DNS proxy if you are using a multiple WAN

LAN Configuration

102