TABLE OF CONTENTS In addition to performing its traditional firewall functions such as filtering traffic, the PIX firewall can also provide a variety of other services. These services are a convenient way to get added value from your firewall; rather than having to set up separate servers and applications to deliver these servers to your network, the firewall becomes an all-in-one appliance.
DHCP is a convenient method of providing required configuration parameters to network nodes, such as IP address, default gateway, DNS servers, and WINS servers. Rather than configuring these parameters manually on every client, DHCP allows the configuration details to be set centrally, in this case on the PIX firewall, and then assigned to each node as required.
The PIX firewall is capable of acting as a DHCP server to a node connected to any of its interfaces. The firewall is also capable of acting as a DHCP relay server, where it forwards DHCP requests from clients to another DHCP server. Finally, the firewall has DHCP client functionality, allowing for the configuration of its own network parameters based on another DHCP server on the network.
You can configure the PIX firewall to issue IP addresses, as well as information such as DNS and WINS servers, the default gateway, and a DNS domain name. The process for configuring DHCP is relatively straightforward: define your parameters associated with an interface. Do not forget to enable DHCPD on the appropriate interface!
In Figure 7.1, we have four networks for which...
