DHCP Scope Options for Mobile VPN Clients

The DHCP options for VPN Clients are very limited.

Please introduce the ability to add DHCP options to VPN Users, or the ability to relay this to another DHCP on the network.


  • james.carson Moderator, WatchGuard Representative

    Hi @DaveDave

    I'm unsure if this is feasible, but I'd be happy to put in a feature request for you.

    Would you be able to provide an example of what you're wanting to use it for, and what DHCP options you need?

    Thank you,

    -James Carson
    WatchGuard Customer Support

    Hi James.

    Sorry I have been away from this thread for some time.

    I've hit this limitation a number of times now, mainly working with larger networks trying to support Domain Joined and Non Domain Joined devices while providing access to internal network resources.

    We need the ability to point VPN clients to a DHCP server, rather than using a static pool of addresses in the WatchGuard.

    So whether this is a DHCP Relay option to point internally to another DHCP Server (may be path of least resistance).

    Or if we can have the ability to add options to the DHCP scope that the WatchGuard can provide, e.g.:

    • Option 43 Vendor Specific Information
    • Option 121 Classless Static Routes

    In some instances we need to provide Contractors with different information compared with normal users, but with a Single Firewall with SSLVPN we can only support one set of DNS information.

    Whether this could be worked around by enabling multiple "instances" of the SSL config bound to different WAN IPs, or if we can provide different information to the users based on the Security Groups that they connect in on, e.g.: SSLVPN-Users = Full Access with Core DNS information and DNS Suffix, whereas SSLVPN-ContractorUsers = Limited Access with Separate DNS and Separate DNS Suffix information.

    We have a few other clients that are multi-forest but use shared infrastructure, and only having the ability to set one DNS suffix is limiting.


