rmetzger
Staff
Article Id 194358

Description
When a DHCP server is configured on a FortiGate port or VLAN, the DHCP IP Range must be in the same subnet as the port or the VLAN IP subnet.

If a secondary IP address is added to the port or the VLAN, the DHCP IP range can NOT belong to this secondary IP subnet.

Scope
All FortiOS

Solution
Example of port configuration:

config system interface
    edit "port2"
        set vdom "root"
        set ip 10.10.10.1 255.255.255.0
        set type physical
        config secondaryip
            edit 1
                set allowaccess ping
                set ip 10.11.11.1 255.255.255.0
            next
        end
    next
end




Corresponding DHCP configuration example:

config system dhcp server
    edit "DHCP server net_10"
        set default-gateway 10.10.10.1
        set interface "port2"
        set lease-time 300
        set netmask 255.255.255.0
        set end-ip 10.10.10.101
        set start-ip 10.10.10.100
    next
end




This DHCP setting will *not* work:

        set end-ip   10.11.11.101
        set start-ip 10.11.11.100
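
The rule above can be checked offline against a configuration backup. The following is an added example, not Fortinet code: the function name `check_dhcp_ranges`, the verdict strings and the sample text are assumptions made here, and the parser only understands the subset of syntax shown in this article.

```python
import ipaddress
import shlex
# Constructed sample in the article's syntax: port2 primary 10.10.10.1/24, secondary 10.11.11.1/24.
SAMPLE = '''
config system interface
    edit "port2"
        set ip 10.10.10.1 255.255.255.0
        config secondaryip
            edit 1
                set ip 10.11.11.1 255.255.255.0
            next
        end
    next
end
config system dhcp server
    edit "DHCP server net_10"
        set interface "port2"
        set start-ip 10.10.10.100
        set end-ip 10.10.10.101
    next
end
'''
BAD = SAMPLE.replace("10.10.10.10", "10.11.11.10")  # constructed: range moved to secondary subnet

def check_dhcp_ranges(text):
    """Return {DHCP server name: 'primary' | 'secondary' | 'outside'} for each start/end range."""
    ifaces, servers, stack, name = {}, {}, [], None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))   # track nested config blocks
        elif tok[0] == "end":
            stack.pop()
        elif tok[0] == "edit" and len(stack) == 1:
            name = tok[1]                     # top-level entry: interface or DHCP server
        elif tok[0] == "set" and stack[0] == "system dhcp server":
            servers.setdefault(name, {})[tok[1]] = tok[2]
        elif tok[:2] == ["set", "ip"] and stack[0] == "system interface":
            net = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
            kind = "secondary" if stack[-1] == "secondaryip" else "primary"
            ifaces.setdefault(name, {"primary": [], "secondary": []})[kind].append(net)
    verdicts = {}
    for srv, cfg in servers.items():
        nets = ifaces[cfg["interface"]]
        ips = [ipaddress.ip_address(cfg[k]) for k in ("start-ip", "end-ip")]
        inside = lambda kind: all(any(ip in n for n in nets[kind]) for ip in ips)
        # Only "primary" is a working configuration according to this article.
        verdicts[srv] = next((k for k in ("primary", "secondary") if inside(k)), "outside")
    return verdicts
if __name__ == "__main__":
    print(check_dhcp_ranges(SAMPLE), check_dhcp_ranges(BAD))
```

A verdict of `secondary` corresponds to the non-working setting shown above; `outside` means the range is not wholly inside any single subnet kind configured on the interface.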








