Outside interface on a firewall static address or dhcp?

neil0367389 · ‎07-10-2024

Hello all,

I hope all is well.

I am working on a project in which I am configuring an ASA 5508-X firewall. I just wanted to gauge what peoples opinions on what is best practice.

In terms of the outside interface on the firewall should I configure it with:

1) Static ip address

2) Or let the interface lease an ip address from DHCP

Currently, it is leasing an ip address from DHCP.

Thank you

MHM Cisco World · ‎07-10-2024

This not optional' it depend on SP you connect to

It can give you static Public IP to use or ask you to run ppppe or dhcp.

MHM

neil0367389 · ‎07-11-2024

Many thanks for your input.

Rob Ingram · ‎07-10-2024

@neil0367389 In most deployments I use a static IP address for all firewall interfaces (inside, outside etc).

If your ISP gives you the same IP address via DHCP, then it would not matter if it is static or DHCP. However they may require you to use DHCP if you are not allocated the same IP address.

neil0367389 · ‎07-11-2024

I was thinking something similar to what you have said thank you

MHM Cisco World · ‎07-11-2024

This as I mention not optional

One issue you will face if you use static IP instead of using dhcp even if you receive same IP is defualt route

How you will know the next hop of default route if you use static IP?

Where if you use dhcp the ISP push defualt route with correct next hop to your FW.

So again contact ISP before applying any option

MHM