FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gmanea
Staff
Staff
Article Id 197856

Description

 

This article describes how to configure FortiGate as a DHCP server via both GUI and CLI.

In large environments, it is difficult to assign static IP addresses for each user individually.
Hence, the DHCP server is used to provide dynamic IP to each host in the network.


Solution

 

A DHCP server provides an address from a defined address range to a client on the network, when requested.
There is a possibility to configure one or more DHCP servers on any FortiGate interface.


A DHCP server dynamically assigns IP addresses to hosts on the network connected to the interface.
The host computers have to be configured to obtain their IP addresses using DHCP.

A FortiGate interface can also be configured as a DHCP relay.
The interface forwards DHCP requests from DHCP clients to an external DHCP server and returns the responses to the DHCP clients.
The DHCP server must have appropriate routing so that its response packets to the DHCP clients arrive at the unit.

Refer to the below steps to configure the FortiGate interface as a DHCP server from GUI.

Step 1: Go to Network -> Interface.
Step 2: On 'Edit the Interface', enable the option 'DHCP Server'  and select 'create new'.
Step 3: Give the range (starting and End IP).
Step 4: Provide the Netmask, Default Gateway, and DNS.


In order to add a DHCP server from CLI:

config system dhcp server
    edit 1
        set dns-service default
        set default-gateway 192.168.1.1
        set netmask 255.255.255.0
        set interface "port1"
            config ip-range
                edit 1
                    set start-ip 192.168.1.2
                    set end-ip 192.168.1.254
                next
            end
    next
end
 
Note.
The 'DHCP server' option cannot be enabled/used on DMZ interfaces.
For the interfaces with DMZ role, DHCP server and Security mode are not available (by design).
If a DHCP server is required on that physical interface, change its role from DMZ to LAN, WAN, or Undefined.
 

Related document:

Interface settings 6.4.4
Interface settings 6.2.7

DHCP server 7.0.4

DHCP servers and relays 7.2.5

Basic configuration