FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
The article describes how to identify the DHCP trap information on the SNMP manager (OID).
Scope
FortiGate.
Solution
If the device does not obtain IP from the DHCP server, it is possible to see trap messages by using SNMP:
If the DHCP server runs out of the pool.
IP conflict.
DHCP client interface received nak.
These are below oid used to get trap information about DHCP:
OID
TRAPS
DESCRIPTION
1.3.6.1.4.1.12356.101.23.3.1.0
fgDhcpTrapType
DHCP trap type, there are 3 different values as below: runOutOfIPPool(1) - The DHCP server runs out of the IP pool. conflict (2) - IP address is already in use. receivedNAK(3) - DHCP client interface received nak.
1.3.6.1.4.1.12356.101.23.3.2.0
fgDhcpTrapMessage
DHCP trap message including some optional server info.
1.3.6.1.4.1.12356.101.23.3.3.0
fgDhcpServerId
An ID that uniquely identifies a DHCP server within a vdom.
For more troubleshooting, collect the output on ports 67 and 68:
diag sniffer packet <interface_name/any> "port 67 or port 68" 6 0 l
