I always like to talk about what a firewall will do. But sometimes I have to talk about what a firewall won't do. Today, it's PFSense's day to get this kind of talk.
I have a lot of customers that run DHCP on the firewall. Right, wrong, or indifferent doesn't matter for this conversation. What does matter is that Pfsense will do DHCP for any directly connected network. What it won't do is DHCP for a non directly connected network. Is that a need for some people? Yes. Is that the firewalls job to do? It doesn't matter if that's what the customer wants. I personally wouldn't do it there, but in reality, it doesn't really matter. If the firewall goes down, you have bigger problems than DHCP.
So why doesn't PFSense do DHCP for non connected networks? I don't know the answer. What I do know is that other vendors, like Palo Alto and Sonicwall will do DHCP for non directly connected networks. It's not the end of the world, but just something to note.
No comments:
Post a Comment
Your comment will be reviewed for approval. Thank you for submitting your comments.