Configuring the ISA Firewall as a DHCP Server
Some organizations may want the ISA firewall to act more like a traditional SOHO router, where the ISA firewall acts as a DHCP Server for the corporate network. You can install the DHCP service on the ISA firewall and create Access Rules that allow the ISA firewall to provide IP addressing information to hosts on the corporate network.
We will assume that you have already installed the DHCP server. The next step is to configure the ISA firewall to allow the DHCP request and DHCP reply messages required to assign IP addressing information to corporate network clients.
Perform the following steps to create the DHCP Request Access Rule:
In the Microsoft Internet Security and Acceleration Server 2004 management console, expand the server name, and then click the Firewall Policy node. In the Task pane, click the Tasks tab. Click the Create a New Access Rule link.
On the Welcome to the New Access Rule Wizard page, enter a name for the rule in the Access Rule name text box. In this example, we'll name the rule DHCP Request. Click Next.
Select the Allow option on the Rule Action page. Click Next.
On the Protocols page, select the Selected protocols option from the This rule applies to list. Click Add.
In the Add Network Entities dialog box, click the Infrastructure folder, and then double-click the DHCP Request entry. Click Close.
Click Next on the Protocols page.
On the Access Rule Sources page, click Add.
In the Add Network Entities dialog box, click the Networks folder, and double-click the Internal entry. Click Close.
Click Next on the Access Rule Sources page.
On the Access Rule Destinations page, click Add.
In the Add Network Entities dialog box, click the Networks folder, and double-click the Local Host entry. Click Close.
Click Next on the Access Rule Destinations page.
Click Next on the User Sets page.
Click Finish on the Completing the New Access Rule Wizard page.
Click Apply to save the changes and update the firewall policy.
Click OK in the Apply New Configuration dialog box.
The next step is to create the DHCP Reply Access Rule:
Right-click the DHCP Request rule, and click Copy.
Right-click the DHCP Request rule, and click Paste.
Double-click on the DHCP Request (1) rule, and click Properties.
On the General tab of the DHCP Request (1) rule, change the name of the rule to DHCP Reply in the Name text box.
Click the Protocols tab. Click the DHCP (request) entry, and click Remove. Click Add. In the Protocols dialog box, click the Infrastructure folder, and double-click the DHCP (reply) entry. Click Close.
Click the From tab. Click the Internal entry, and click the Remove button. Click the Add button. In the Add Network Entities dialog box, click the Networks folder, and double-click the Local Host entry. Click Close.
Click the To tab. Click the Local Host entry, and click Remove. Click Add. In the Add Network Entities dialog box, click the Networks folder, and double-click the Internal entry. Click Close.
Click Apply, and then click OK.
Click Apply to save the changes and update the firewall policy.
Click OK in the Apply New Configuration dialog box.
This configuration allows the DHCP server on the ISA firewall to provide IP addressing information to hosts on the Internal Network.
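A troubleshooting aid for the two rules above, added here as an example and not part of the original text: it parses the UDP payload of a DHCP message and reports which rule, source and destination that message depends on, which helps when a capture shows requests arriving but no lease being issued. The function names and sample messages are constructed for illustration, and the mapping assumes that the DHCP (request) protocol covers client-to-server messages and DHCP (reply) covers server-to-client messages.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
# Rule names and network objects are the ones created in the steps above.
# Assumption: BOOTP op 1 (client to server) needs the request rule, op 2 the reply rule.
RULES = {1: ("DHCP Request", "Internal", "Local Host"),
         2: ("DHCP Reply", "Local Host", "Internal")}

def build_message(op, msg_type, xid, mac, yiaddr="0.0.0.0"):
    """Build a minimal DHCP message (constructed sample input, not a capture)."""
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)  # op..flags
    addrs = b"\x00" * 4 + bytes(map(int, yiaddr.split("."))) + b"\x00" * 8
    options = bytes([53, 1, msg_type, 255])  # option 53 = message type, 255 = end
    return fixed + addrs + mac + b"\x00" * 10 + b"\x00" * 192 + MAGIC + options

def parse_options(data):
    """Walk the tag/length/value options that start at offset 240."""
    opts, i = {}, 240
    while i < len(data) and data[i] != 255:
        if data[i] == 0:  # pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        length = data[i + 1]
        opts[data[i]] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def classify(data):
    """Return (message type, rule name, source network, destination network)."""
    if len(data) < 240 or data[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    if data[0] not in RULES:
        raise ValueError("unknown BOOTP op code")
    raw = parse_options(data).get(53)
    mtype = raw[0] if raw else 0
    return (MSG_TYPES.get(mtype, "UNKNOWN"),) + RULES[data[0]]
```

Feed `classify` the UDP payload of each packet exported from a capture; if only messages that map to the DHCP Request rule appear, check the DHCP Reply rule and its From and To entries.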
Warning: The DHCP server will also be able to provide IP addresses to VPN clients. However, you cannot install the DHCP Relay Agent on the ISA firewall and allow VPN clients to obtain DHCP options.