Skip to main content
Coldfirex
Coldfirex
New Member
February 24, 2012
Question

DHCP Option 66 issue

  • February 24, 2012
  • 10 replies
  • 20103 views
Howdy, We are noticing an issue where a FGT80C is handling DHCP and we are handing out Option 66 and 67. Option 67 is handed out correctly, but the wrong IP address is handed out on option 66. No matter what Ip we use (converted to hex) the client always picks up the IP address of the FGT. Has anyone else seen this? We are running 4.2.9 currently. Thanks!

    10 replies

    FortiRack_Eric
    FortiRack_Eric
    New Member
    February 25, 2012
    Hi, We have been and are using option 66 and 49 for phones. and that works fine. the address in option 66 must be in hex like: AC1C0010 Cheers, Eric
    Coldfirex
    ColdfirexAuthor
    New Member
    February 25, 2012
    Thanks Eric. Ya, we are using the hex alright. Which firmware revision are you using it on?
    FortiRack_Eric
    FortiRack_Eric
    New Member
    February 27, 2012
    4.2.10 and 4.3.5, but we have been using it since 3.6.x Cheers, Eric
    Coldfirex
    ColdfirexAuthor
    New Member
    February 27, 2012
    Suck. Just upgraded to 4.2.10 and the pxe clients are still getting the LAN IP of the FGT. Support told me to upgrade to MR3 :(
    Matthijs
    Matthijs
    New Member
    February 28, 2012
    Did they explain why you should upgrade? And did they guarantee you that it will work in 4.3? There is really no other reason to upgrade and there are a lot of reasons not to upgrade ;)
    FortiRack_Eric
    FortiRack_Eric
    New Member
    February 28, 2012
    4.3.5 isn' t that bad, only for those who are trying to overstretch small boxes...
    Matthijs
    Matthijs
    New Member
    February 28, 2012
    The problem is that FortiNet allows these functions to be used on small boxes. There is no way to use flow-based profiles on the FortiGate60C but you can turn them on in the profiles. This causes memory to ho sky high. Indeed if you tune it well, 4.3.5 is working ok.
    Coldfirex
    ColdfirexAuthor
    New Member
    March 6, 2012
    Support was able to figure out a workaround for us. They had us create an internal VIP and fw policy that basically forwards the TFTP requests the Fortigate receives at our TFTP server. Strange that it was needed, but it worked!
    AmorFati7734
    AmorFati7734
    New Member
    March 8, 2012
    Coldfirex, Not meaning to hi-jack your thread but I' m having almost a similar issue and was wondering if you could provide more detail. I' m trying to setup a *nix based imaging solution and options 66 & 67 are to be set in the DHCP server. As far as I can tell in the documentation you need to convert all values from ascii to hex but nothing gets accepted from the GUI or the CLI. What did you end up inputting for 67? I' m supposed to set option 67 to " pxelinux.0" converted to hex > 7078656c696e75782e301f but that doesn' t work. Also, just leaving out option 67 and inputting option 66 (192.168.1.171 to hex > C0A801AB) doesn' t work either. Any more information you can provide would be helpful and appreciated although I do have a support ticket open. Just seeing if I can' t receive quicker information through the community. -Amor
    Coldfirex
    ColdfirexAuthor
    New Member
    March 9, 2012
    Do you mean that you have entered those settings and its not working, or the Fortigate wont accept the values you typed in? We used the web interface for this.
    Terms & ConditionsAccessibility statement