- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Configuring IP Helper to use multiple DHCP servers on the same VLAN
10/14/2021 
45 People found this article helpful
127,127 Views
Description
Because DHCP clients find their local DHCP server by broadcasting, it is usually considered important to only have one DHCP server per broadcast domain (VLAN), to avoid duplicate IP addresses and other conflicts.
However, only having one DHCP server means a single point of failure, so some networks are designed to use 2 or more DHCP servers on the same VLAN to achieve redundancy if one fails.
This can be achieved by 2 methods:
1. By carefully configuring the DHCP servers with address pools that are in the same subnet, but not overlapping.
2. By using Microsofts DHCP Failover
Cause
This presents a problem for SonicWall's IP Helper. It does not allow multiple policies to be created with the same "From" address, so how can it forward clients DHCP traffic to a second DHCP server if the first one fails?
Resolution
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
1. Create an Address Object Group which contains the IP addresses of all the DHCP servers that are in the same VLAN.
2. Create an IP Helper DHCP policy as usual, but in the "To" field, instead of the IP address of a single DHCP server, put the Address Object Group created above:
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
1. Create an Address Object Group which contains the IP addresses of all the DHCP servers that are in the same VLAN.
2. Create an IP Helper DHCP policy as usual, but in the "To" field, instead of the IP address of a single DHCP server, put the Address Object Group created above:
Related Articles
- Accessing resources across network using Point to Point link
- Unable to access the junk summary URL using TCP port 10080
- ICMP Redirect force to change the routing table
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall NSA Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall SuperMassive E10000 Series
YES
NO