Oluf
New Member
May 26, 2016
Question

Fortigate WAN DHCP problem


Hi.

The "new" equipment from our local ISP delivers public IPs only by DHCP. We have a strange problem that keeps happening from time to time. All of a sudden the Fortigate stops getting a new DHCP lease and we lose WAN connectivity.

Troubleshooting done by the ISP: Shutting the port which the Fortigate is connected to. Put the CPE in router mode with another subnet and DHCP scope and back to bridge mode again. Nothing helps.

The ISP says they get the DHCP request, send the offer, but it looks like the Fortigate "closes its ears" and does not get the offer, from their point of view. When rebooting the Fortigate everything comes back up as normal. The strange thing is that when this first happens, it usually happens 2-3 times in a row when the lease expires, then it can work perfectly for months. This has so far happened on remote systems with companies that cannot wait for me to get out there and debug on the Fortigate side, so we have just had to have some local people go over there and power cycle the Fortigate to get internet up and running again. So I have no debug info from the Fortigate.

So far this problem has shown itself on 60D, 90D and 300D. Firmware version 5.2.3, 5.2.4 and 5.2.5. I have googled the problem and have not found anyone that has this exact same problem. The release notes of said versions and those before/after do not include any known or resolved issues related to the Fortigate as a DHCP client.

The ISP says they have had a few other customers have this problem as well, and they also had Fortigates. Could this be some kind of bug between Fortigate and the DHCP server software the ISP is running?

This happened to a 90D today running 5.2.4, I will upgrade this one to 5.2.7 and see if that makes any difference. In the meantime, does anyone have any idea what could be causing this? I know debug data from the Fortigate would help a lot but unfortunately I have none at this time.

    1 reply

    Jeff_S
    New Member
    June 7, 2016

    Oluf,

    I have been experiencing a similar if not the same issue with my FortiWiFi 30D and my cable ISP. I was able to test with an 80C and same issue. Used a Netgear FVS315G with no issues.

    My ISP (TekSavvy) sent me a new modem (different make and model) and issue is not resolved.

    I have been working with Fortinet Support and we pulled some logs that indicate the issue is TekSavvy isn't sending an ACK packet at the end of the DHCP request. I have attached a Wireshark capture conversion of the Fortigate logs of the requests.

    Jeff

    Oluf (Author)
    New Member
    June 8, 2016

    Thank you for your reply and input. The ISP says they are sending the ACK from the DHCP server, but since I have no traffic log I don't know if the ACK reaches the Fortigate. I will have to do a Wireshark trace myself if I keep having this problem after upgrading to 5.2.7. The problem is it can go months between each failure, so it is a pain in the ass to troubleshoot.

    Jeff_S
    New Member
    June 8, 2016

    Interesting. My issue comes back after a couple days if I reset my modem or 30D. If I just power cycle either or toggle my WAN port, the issue comes back after an hour. This has been going on for 2 months.
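
The question running through this thread is whether a DHCPACK actually follows the Fortigate's DHCPREQUEST on the wire. The Python below is an added example, not part of the original posts or of Fortinet's tooling: it reads the UDP port 67/68 payloads of a capture and lists the transaction IDs whose request never received an ACK or NAK. It assumes the payloads have already been extracted from the capture in time order; the `build` helper and `SAMPLE` data are constructed for illustration.

```python
import struct

# DHCP message types carried in option 53 (RFC 2132)
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
         5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
MAGIC = b"\x63\x82\x53\x63"  # cookie that follows the 236-byte BOOTP header

def parse_dhcp(payload):
    """Return (xid, message type name) for one UDP payload, or None if not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    xid = struct.unpack("!I", payload[4:8])[0]  # transaction id, bytes 4..7
    i = 240
    while i + 1 < len(payload):
        code = payload[i]
        if code == 255:          # end option
            break
        if code == 0:            # pad option has no length byte
            i += 1
            continue
        length = payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            return xid, TYPES.get(payload[i + 2], "UNKNOWN")
        i += 2 + length          # skip options we do not care about
    return None

def unanswered_requests(payloads):
    """Sorted transaction ids with a REQUEST that no later ACK or NAK answered."""
    pending = set()
    for p in payloads:
        parsed = parse_dhcp(p)
        if parsed is None:
            continue
        xid, mtype = parsed
        if mtype == "REQUEST":
            pending.add(xid)
        elif mtype in ("ACK", "NAK"):
            pending.discard(xid)
    return sorted(pending)

def build(xid, mtype):
    """Constructed sample payload: BOOTP header, cookie, option 53 only."""
    return (struct.pack("!BBBBI", 1, 1, 6, 0, xid) + bytes(228)
            + MAGIC + bytes([53, 1, mtype, 255]))

# Constructed capture: xid 0x1111 completes, xid 0x2222 retries REQUEST with no ACK
SAMPLE = [build(0x1111, 1), build(0x1111, 2), build(0x1111, 3), build(0x1111, 5),
          build(0x2222, 1), build(0x2222, 2), build(0x2222, 3), build(0x2222, 3)]
```

Running the same check on captures taken on both the Fortigate side and the ISP side shows whether the ACK is never sent or is lost between the two.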