PXE and SCCM

Forum|Forum|3 years ago
April 7, 2023
2 replies
9219 views

We have the following setup:

A FortiGate router in the middle of the network with few cisco switches, which host several VLAns.

Also we have a MS SCCM server in vlan 10 and a bunch of workstations in vlan 20, which should be booted trough PXE/SCCM and network install the OS.

So far we installed IP and DHCP on vlan 20, the PCs go till getting an IP address, but the SCCM boot and install is failing with "no boot device detected". How may I setup an working environment - the DHCP should stay on FortiGate. I tried to put ip helper-address on cisco in vlan 20, but that did not helped.

FortiGate

gfleming

Staff

Is the FortiGate doing the inter-VLAN routing? Or is the Cisco?

If the FortiGate is doing the routing you need to ensure there is a FW policy allowing the PXE Boot traffic.

Do you know what protocol/ports the PXE boot is using? DO you need to make any special DHCP server configurations to make it work? Have you done that?

SatoryAuthor

Explorer

Yes, the FortiGate is doing the routing and there is a rule, allowing the traffic.

gfleming

Staff

And the rest of my questions?

Do you know what protocol/ports the PXE boot is using? DO you need to make any special DHCP server configurations to make it work? Have you done that?

SatoryAuthor

Explorer

The only solution I have found is to use the CISCO switch and define ip helper addresses.
The drawback - you have to define IP address of the switch in the same VLan, which is a security issue and we cannot use the FortiGate itself to do the ip helper, which is NOT OK!

gfleming

Staff

You can absolutely use FortiGate to do DHCP relay (helper):

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/783526/dhcp-servers-and-relays

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded