Renewing DHCP Discussion on FDM
03-29-2022 07:13 AM
So, this is an old issue I brought up roughly two years ago, and I still don't see an end in sight.
DHCP configuration limitations inside the NGFW through FDM are still lame. The lack of these two crucial features to me is debilitating.
- Cannot configure per-DHCP pool DNS servers.
- Cannot configure a hybrid of DHCP pools and DHCP-Relay agents.
As a result, we left Cisco competitor firewalls at each site to continue performing DHCP duties (which the Cisco firewalls were to replace). Now, I get it that firewalls aren't typically the solution to the DHCP challenges, but Cisco doesn't seem to realize the need for supporting these flexibilities at smaller sites where only a firewall is the router and perimeter security. While there are some other ways around these challenges, Cisco has deliberately crippled one of the most useful functions of a firewall at smaller sites where no servers exist (for security reasons, I might add).
Are there any reasonable alternatives aside from deploying a Raspberry Pi (which our security team will not allow for good reason)?
03-29-2022 12:32 PM
This is more of a feature request to the BU; if this is in demand in the market, the Cisco BU will consider and adopt it in the newer version of code.
Personally, this is more of FW; these features being out of the box is best.
03-29-2022 01:09 PM
Thanks! So what do you suggest is the best alternative to this scenario without buying additional hardware, or weakening firewall rules?
Needs:
- BYOD requires separate DNS servers from employees.
- Employees are in different security realms where some can use DHCP-Relay, while others can use a vanilla DHCP server.
- We do not wish to deploy other OS-based systems at each site, which requires patching and additional support.
Thanks for your help.
