Technical Tip: How to configure FortiGate as DHCP server
Description
This article describes how to configure FortiGate as a DHCP server via both the GUI and the CLI.
In large environments, it is difficult to assign static IP addresses for each user individually. Hence, the DHCP server is used to provide a dynamic IP address to each host in the network.
Scope
FortiGate.
Solution
A DHCP server provides an address from a defined address range to a client on the network when requested. There is a possibility to configure one or more DHCP servers on any FortiGate interface.
A DHCP server dynamically assigns IP addresses to hosts on the network connected to the interface.
The host computers have to be configured to obtain their IP addresses using DHCP.
A FortiGate interface can also be configured as a DHCP relay.
The interface forwards DHCP requests from DHCP clients to an external DHCP server and returns the responses to the DHCP clients.
The DHCP server must have appropriate routing so that its response packets to the DHCP clients arrive at the unit.
It is possible to enable DHCP relay under Network -> Interface, as shown below.
Refer to the steps to configure the FortiGate interface as a DHCP server from the GUI.
Step 1: Go to Network -> Interface.
Step 2: On 'Edit the Interface', enable the option 'DHCP Server'.
Step 3: Once the 'DHCP Server' option is enabled, the Address range, Netmask, Default Gateway, Lease time, and DNS Server are auto-filled as per the IP Class, based on the IP address provided in the IP/Network Mask field.
Step 4: If the above parameters need to be re-configured, then those fields can be individually edited.
edit 1
set dns-service default
set default-gateway 192.168.1.1
set netmask 255.255.255.0
set interface "port1"
config ip-range
edit 1
set start-ip 192.168.1.2
set end-ip 192.168.1.254
next
end
next
end
As of v7.4.0, the DHCP server includes a shared subnet feature that allows FortiGate to dynamically allocate IP addresses from multiple subnets on the same interface or VLAN. It automatically switches to a different DHCP server or pool when the primary pool is full, offering increased flexibility in IP allocation for high-demand environments without requiring additional configurations.
config system dhcp server
edit <id>
set shared-subnet {enable | disable}
set relay-agent <IP_address>
next
end
A FortiGate interface can also be configured as a DHCP relay.
The interface forwards DHCP requests from DHCP clients to an external DHCP server and returns the responses to the DHCP clients.
The DHCP server must have appropriate routing so that its response packets to the DHCP clients arrive at the unit.
DHCP relay can be enabled under Network -> Interface as shown below.
execute dhcp lease-list
Note:
- The 'DHCP server' option cannot be enabled/used on DMZ interfaces. For the interfaces with the DMZ role, the DHCP server and Security mode are not available (by design). If a DHCP server is required on that physical interface, change its role from DMZ to LAN, WAN, or Undefined.
- The DHCP server cannot be configured on Loopback interfaces.
- It is not possible to have two interfaces configured for the same DHCP server.
- An interface can be configured as a DHCP server AND a DHCP relay at the same time. If the interface is configured as a DHCP server before and needs to be changed to a DHCP relay only, the DHCP server configuration needs to be fully deleted; otherwise, the clients will receive DHCP offers from both the FortiGate and the relayed server.
Technical Tip: Understanding DHCP Server and DHCP Relay functionality on FortiGate
Technical Tip: Diagnosing DHCP on a FortiGate
Related documents:
DHCP servers and relays
Troubleshooting Tip: DHCP Server option not showing on interface GUI