Troubleshooting Tip: Host in different subnet not able to reach WDS server for PXE boot

Only a few steps are required on the FortiGate for PXE Boot in different subnets to work:

1. Configure a firewall policy to allow traffic from the LAN/VLAN on which the host is connected to the WDS LAN/VLAN:
   
   

To check which ports/services are required, see the following Microsoft Document: Network Ports Used.

2. On the Client LAN, DHCP Relay must be enabled pointing to the WDS server IP with the DHCP role enabled and properly configured to lease IP addresses for the client LAN. 
   
   

On Windows Server:

1. DHCP Scope for Client LAN:
   
   

2. DHCP scope options that must be added manually:

• 066: WDS Server IP.
• 067: '\Boot\x64\wdsnbp.com' (File located at C:\RemoteInstall\Boot\x64\wdsnbp.com on the WDS Server).
• 060: 'PXEClient'.

Result:

Contact the Microsoft support team for additional information on the Windows side.