FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 197693
Description
DHCP Services Don't Start Upon L3 HA Failover for Single Appliances

Scope
Version:   Network Sentry 8.0.x
Solution
Issue:  When L3 High Availability is configured for single appliances (NS500s or 600s), DHCP services do not start upon failover to the Secondary Server.  This happens because the empty scope for the Secondary Server eth1 interface is not included in dhcpd.conf.

Example:
# Empty Scope Used to load DHCP on ETH1
subnet <primary eth1 interface network> netmask <mask> {
}

When High Availability is configured through the Administrative UI, the secondary empty scope is not written to dhcpd.conf.  The empty scope is needed to load the eth1 interface.

Note:  The secondary empty scope is properly included on Control Server/Application Server pairs.


Workaround:    
1.  Run Configuration Wizard on the Primary Server (must be in control).
2.  Navigate to Summary and click APPLY. 

Configuration Wizard will re-write the files and include the secondary empty scope.  The resulting dhcpd.conf file should have the secondary empty scope included:   

# Empty Scope Used to load DHCP on ETH1
subnet <primary eth1 interface network> netmask <mask> {
}
# Empty Scope Used to load DHCP on ETH1 of HA'd appliance
subnet <secondary eth1 interface network> netmask <mask> {
}
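
A check for the workaround's result, as an added example that is not part of the original article or Fortinet's tooling: it parses dhcpd.conf text and reports any eth1 network that lacks a subnet declaration. The addresses, the sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import re

# "subnet <network> netmask <mask> {" in the syntax shown above.
SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")


def declared_subnets(conf_text):
    """Return the IPv4 networks that have a subnet declaration."""
    body = re.sub(r"#.*", "", conf_text)  # a commented-out scope does not count
    return {ipaddress.ip_network(f"{net}/{mask}", strict=False)
            for net, mask in SUBNET_RE.findall(body)}


def missing_scopes(conf_text, eth1_addresses):
    """Return {role: network} for each eth1 network with no subnet declaration."""
    declared = declared_subnets(conf_text)
    missing = {}
    for role, cidr in eth1_addresses.items():
        net = ipaddress.ip_interface(cidr).network
        if net not in declared:
            missing[role] = str(net)
    return missing


# Constructed sample data (documentation address ranges, not from the article).
ETH1 = {"primary": "192.0.2.2/24", "secondary": "198.51.100.2/24"}
BEFORE = """
# Empty Scope Used to load DHCP on ETH1
subnet 192.0.2.0 netmask 255.255.255.0 {
}
"""
AFTER = BEFORE + """
# Empty Scope Used to load DHCP on ETH1 of HA'd appliance
subnet 198.51.100.0 netmask 255.255.255.0 {
}
"""

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, missing_scopes(conf, ETH1) or "all eth1 scopes present")
```

To check a real appliance, pass the contents of its dhcpd.conf and the actual eth1 addresses of both servers in place of the sample values.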


Solution:  Addressed in Network Sentry 8.0.6


