Netgear SRX5308 SRX5308 Reference Manual - Page 65
DHCP Relay, DNS Proxy, Gateway IP address the VPN firewall's LAN IP address - route between vlans
![]() |
UPC - 606449065145
View all Netgear SRX5308 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 65 highlights
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual The VPN firewall delivers the following settings to any LAN device that requests DHCP: • An IP address from the range that you have defined • Subnet mask • Gateway IP address (the VPN firewall's LAN IP address) • Primary DNS server (the VPN firewall's LAN IP address) • WINS server (if you entered a WINS server address in the DHCP Setup screen) • Lease time (the date obtained and the duration of the lease) DHCP Relay DHCP relay options allow you to make the VPN firewall a DHCP relay agent for a VLAN. The DHCP relay agent makes it possible for DHCP broadcast messages to be sent over routers that do not support forwarding of these types of messages. The DHCP relay agent is therefore the routing protocol that enables DHCP clients to obtain IP addresses from a DHCP server on a remote subnet. If you do not configure a DHCP relay agent for a VLAN, its clients can obtain IP addresses only from a DHCP server that is on the same subnet. To enable clients to obtain IP addresses from a DHCP server on a remote subnet, you must configure the DHCP relay agent on the subnet that contains the remote clients, so that the DHCP relay agent can relay DHCP broadcast messages to your DHCP server. DNS Proxy When the DNS Proxy option is enabled for a VLAN, the VPN firewall acts as a proxy for all DNS requests and communicates with the ISP's DNS servers (as configured on the WAN ISP Settings screens). All DHCP clients receive the primary and secondary DNS IP addresses along with the IP address where the DNS proxy is located (that is, the VPN firewall's LAN IP address). When the DNS Proxy option is disabled for a VLAN, all DHCP clients receive the DNS IP addresses of the ISP but without the DNS proxy IP address. A DNS proxy is particularly useful in auto-rollover mode. For example, if the DNS servers for each WAN connection are different servers, then a link failure might render the DNS servers inaccessible. However, when the DNS Proxy option is enabled, the DHCP clients can make requests to the VPN firewall, which, in turn, can send those requests to the DNS servers of the active WAN connection. However, disable the DNS proxy if you are using a dual-WAN configuration in auto-rollover mode with route diversity (that is, with two different ISPs) and you cannot ensure that the DNS server is available after a rollover has occurred. LAN Configuration 3-5 v1.0, April 2010
![](/manual_guide/products/netgear-srx5308-srx5308-reference-manual-43ed089/65.png)