auppal
Staff
Article Id 307456
Description

This article describes the DHCP Option 61 changes introduced in v7.0.13+, v7.2.6+ and v7.4.1+.

 

Scope

FortiGate v7.0.13 and above, v7.2.6 and above, and v7.4.1 and above.

Solution

According to RFC 2132, section 9.14 (https://datatracker.ietf.org/doc/html/rfc2132#section-9.14):

Option 61 has the following format:

    Code   Len   Type  Client-Identifier
   +-----+-----+-----+-----+-----+---
   |  61 |  n  |  t1 |  i1 |  i2 | ...
   +-----+-----+-----+-----+-----+---

The option therefore includes a 'Type' field; however, FortiGate did not send it in the DHCP Discover forwarded to the DHCP server.


For example, up to firmware v7.0.12, v7.2.5 and v7.4.0, the following is a capture of a DHCP Discover forwarded by the FortiGate to the DHCP relay agent IP:


Dynamic Host Configuration Protocol (Discover)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 1
    Transaction ID: 0x2a6d5c3f
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: X.X.X.X
    Client MAC address: x.x.x.x.
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Discover)
    Option: (57) Maximum DHCP Message Size
    Option: (61) Client identifier    <----
        Length: 12

Starting from firmware v7.0.13+, v7.2.6+ and v7.4.1+, the FortiGate forwards the DHCP Discover packets to the DHCP relay agent IP with the Type field included in Option (61) Client identifier:

Dynamic Host Configuration Protocol (Discover)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 1
    Transaction ID: 0x5f9db612
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: X.X.X.X
    Client MAC address: (0X:1X:BX:5X:7X:dX)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Discover)
    Option: (57) Maximum DHCP Message Size
    Option: (61) Client identifier
        Length: 13
        Type: 0   <----
        Client Identifier: 192.168.53.4

In this scenario, the DHCP server receives the client identifier as \000192.168.53.4, that is, with a leading NULL byte (the Type field, value 0). If the DHCP server is not configured to accept a NULL character before the client identifier, it may fail to respond to the DHCP Discovers.

In this case, an Infoblox DHCP server is used. That server has the option 'Match null (\0) at beginning of DHCP client identifier'; once enabled, it accepts client identifier values prepended with a NULL character.

Other DHCP servers may offer an equivalent option to accept the Type field in the Client identifier.
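The following is an added example (not FortiGate or Infoblox code) that builds and parses the two Option 61 payloads shown in the captures above: the legacy 12-byte value without a Type byte and the RFC 2132 form with Type 0 (Length 13). The `server_matches` function is an assumed model of how a server compares the option value against a configured identifier with and without tolerating a leading NULL byte; it is not Infoblox's implementation.

```python
from dataclasses import dataclass
from typing import Optional

OPTION_CLIENT_ID = 61
TYPE_NON_HARDWARE = 0  # RFC 2132: type 0 = identifier is not a hardware address


@dataclass(frozen=True)
class ClientIdentifier:
    type: Optional[int]  # None when no Type byte is present (pre-v7.0.13 behaviour)
    identifier: bytes


def encode_option61(identifier: bytes, with_type: bool, htype: int = TYPE_NON_HARDWARE) -> bytes:
    """Build the option 61 TLV: code, length, [type], identifier bytes."""
    payload = (bytes([htype]) if with_type else b"") + identifier
    if not 1 <= len(payload) <= 255:
        raise ValueError("option 61 payload must be 1..255 bytes")
    return bytes([OPTION_CLIENT_ID, len(payload)]) + payload


def decode_option61(tlv: bytes, expect_type: bool = True) -> ClientIdentifier:
    """Parse one option 61 TLV, either per RFC 2132 (first value byte is the
    Type) or treating the whole value as the identifier (legacy FortiGate form)."""
    if len(tlv) < 3 or tlv[0] != OPTION_CLIENT_ID:
        raise ValueError("not an option 61 TLV")
    length = tlv[1]
    value = tlv[2:2 + length]
    if len(value) != length:
        raise ValueError("truncated option 61")
    if expect_type:
        return ClientIdentifier(type=value[0], identifier=value[1:])
    return ClientIdentifier(type=None, identifier=value)


def server_matches(tlv: bytes, configured_id: bytes, match_leading_null: bool) -> bool:
    """Assumed model (not Infoblox's code) of a server comparing the raw option
    value with a configured identifier, optionally ignoring one leading \\0 byte."""
    value = tlv[2:2 + tlv[1]]
    if match_leading_null and value.startswith(b"\x00"):
        value = value[1:]
    return value == configured_id


if __name__ == "__main__":
    ident = b"192.168.53.4"                              # 12 bytes, as in both captures
    legacy = encode_option61(ident, with_type=False)    # Length 12: identifier only
    current = encode_option61(ident, with_type=True)    # Length 13: Type 0 + identifier
    print(legacy[1], current[1], decode_option61(current))
    print(server_matches(current, ident, False), server_matches(current, ident, True))
```

Parsing the legacy payload with the RFC rule mistakes the first identifier byte for the Type, which is why a server strictly following RFC 2132 and a pre-v7.0.13 FortiGate disagree on where the identifier starts.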