DHCP Scope Options for Mobile VPN Clients
The DHCP options for VPN Clients is very limited.
Please introduce the ability to add DHCP options to VPN Users, or the ability to relay this to another DHCP on the network.
0
Sign In to comment.
Comments
Hi @DaveDave
I'm unsure if this is feasible, but I'd be happy to put in a feature request for you.
Would you be able to provide an example of what you're wanting to use it for, and what DHCP options you need?
Thank you,
-James Carson
WatchGuard Customer Support
Hi James.
Sorry I have been away from this thread for some time.
I've hit this limitation a number of times now mainly working with larger networks trying to support Domain Joined and Non Domain Joined devices while providing access to internal network resources.
We need the ability to point VPN clients to a DHCP server, rather than using a static pool of addresses in the Watchguard.
So whether this is a DHCP Relay option to point internally to another DHCP Server (may be path of least resistance).
Or if we can have the ability to add options to the DHCP scope that the Watchguard can provide, e.g:
In some instances we need to provide Contractors with different information compared with normal users, but with a Single Firewall with SSLVPN we can only support one set of DNS information.
Whether this could be worked around by enabling multiple "instances" of the SSL config bound to different WAN IP's, or if we can provide different information to the users based on the Security Groups that they connect in on, eg: SSLVPN-Users = Full Access with Core DNS information and DNS Suffix where as SSLVPN-ContractorUsers = Limited Access with Separate DNS and Separate DNS Suffix information.
We have a few other clients that are multi-forest but use shared infrastructure, and only having the ability to set one DNS suffix is limiting.
Thanks,
Dave.