FortiGate DHCP

Question

Hi Everyone!   Good day! I was trying to work with this scenario and anyone could help me if this is possible? See attached test.jpg. I have a FortiGate, a core switch, distribution switch and client pc. The goal is that FortiGate must act as the DHCP server of all the VLANS (10,20,30). I've already tried to create vlans on the FortiGate (same vlans from the core switch) and enabled dhcp. I already tried to allow all vlans from the core switch (trunk) going to the firewall. The result, the test client in vlan 30 can obtain IP from the firewall, but cannot access internet even firewall policy was already configured on the firewall (virtual interface (vlan30) to WAN)).   Best Regards, Kulas

Toshi_Esumi · Accepted Answer

My personal preference is to make the core switch as L2 switch for those three vlans, which eliminate one hop and DHCP relays to mainteain. I don't see any benefit "routing" through the switch instead of "switching", while the FGT is still take care of most necessary work. For management, the core switch still have vlan1 to get in.

Toshi_Esumi · Answer

The problem seems like the GW for all clients in three vlans are on the L3 core switch, which the FGT has direct L2 connection to all clients (that's how they get DHCP IPs). This means outgoing packets comes in vlan1 interface at the FGT, while returning/incoming packets are going out to each vlan10, 20, 30 interface from the FGT: asymmetric route -> drop. You need to move the GWs to the FGT on each vlan interface.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded