ipranger
New Member
November 18, 2012
Question

[solved] Problem booting clients with PXE over Fortigate DHCP

Hi, we changed to a FortiGate 60C WiFi (v5.0, build0128 (GA)), so we would like to use its DHCP services too. But the problem is that real hardware clients do not boot with PXE. First, here is my configuration:

  config system dhcp server
      edit 1
          set default-gateway 192.168.1.254
          set interface "internal"
          config ip-range
              edit 1
                  set end-ip 192.168.1.150
                  set start-ip 192.168.1.53
              next
          end
          set netmask 255.255.255.0
          set next-server 192.168.1.56
          set option1 67 '7078656c696e75782e30'
          config reserved-address
              edit 1
                  set ip 192.168.1.56
                  set mac 52:54:00:ca:79:ee
              next
              edit 2
                  set ip 192.168.1.150
                  set mac 00:14:5e:29:a3:80
              next
              edit 3
                  set ip 192.168.1.54
                  set mac 00:14:38:d7:bf:b3
              next
              edit 4
                  set ip 192.168.1.53
                  set mac 00:1f:1f:71:fa:f3
              next
          end
          set dns-server1 192.168.1.254
          set dns-server2 8.8.8.8
          set dns-server3 80.120.17.70
      next
  end

OK, listen, the crazy thing is that with a virtual PXE client it works perfectly. I've tested this with KVM and VirtualBox. But real hardware does not boot. I've changed to another TFTP server and I've changed the hardware, but nothing helps. The message from the hardware is:
  ProxyDHCP services did not reply to request on port 4011  
Before I upgraded to Forti version 5 I had the message "PXE Filename to long" ... Yes, I think this is really crazy. Why does this work with virtual machines? With another DHCP server (for example on Ubuntu) it works with real hardware too.

Thanks for help
Greetings
ipranger

    16 replies

    ipranger (Author)
    New Member
    November 25, 2012
    I tested it with hex options only:
      set option1 66 '3139322e3136382e312e3536'
      set option2 67 '7078656c696e75782e30'
    I found this:
    http://www.networksorcery.com/enp/protocol/bootp/options.htm
    http://www.networksorcery.com/enp/rfc/rfc2132.txt
    http://www.dolcevie.com/js/converter.html
    and OK, the options are correct. But it does not work. Not with real hardware and not with virtual hardware. Option 66 is the "next server". I think this option is ignored by the FortiGate because there is a plain-text option available (set next-server).
    You can reproduce all these things:
    1. Set up a TFTP server with a little image. For example: https://help.ubuntu.com/community/PXEInstallServer
    2. Set up a DHCP server on the FortiGate with the option "next-server" and the "bootfilename", for example "pxelinux.0".
    3. Boot a client over PXE and you will see that a virtual machine boots successfully, while real hardware such as a thin client or PC gets an IP address but can't boot the image.
    4. Then, as a test, you can set up another DHCP server on a Linux distribution with the same options
         next-server 192.168.1.56;
         filename "pxelinux.0";
       and you will see it works fine.
    That is strange. OK, I think there is a bug in the FortiGate software.
    ddskier
    New Member
    November 26, 2012
    We got it working with option 60. Set the hex value to the IP address of our Ghost server.
    Example:
      IP address of server: 10.50.10.2
      Option 60: 0A320A02
    Could that work for you instead?
    ipranger (Author)
    New Member
    November 26, 2012
    No, it does not work for me. I have set these options:
      set option1 60 '3139322e3136382e312e3536'
      set option2 67 '7078656c696e75782e30'
    No client is booting. The VM says "Operation is not support". The VM doesn't see the first option, but the VM does search for pxelinux.0 from option2. Real hardware (Zodac) does nothing. Same message:
      ProxyDHCP services did not reply to request on port 4011
    ddskier
    New Member
    November 27, 2012
    Double check your option 60 value. It seems entirely too long. It should be the hex of the PXE server's IP, e.g.
      IP address of server: 10.50.10.2
      Option 60: '0A320A02'
    ipranger (Author)
    New Member
    November 27, 2012
    Can you tell me where you converted this string? I tested with these sites, but everything's different.
    http://www.asciitohex.com/
    http://tomeko.net/online_tools/hex_to_ascii.php?lang=en
    http://www.dolcevie.com/js/converter.html
    What am I doing wrong? Thanks a lot
    ede_pfau
    SuperUser
    November 27, 2012
    Use Windows Calculator.exe:
    - switch to 'Scientific' view
    - select 'Decimal'
    - type in the first byte (e.g. 192)
    - select 'Hex'
    - note the first byte in hex (e.g. C0)
    Convert all 4 bytes one at a time. Concatenate all hex values to get the string (ignore the dots).
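
The two encodings used in this thread, side by side, as an added example (not code from any poster or from Fortinet): the hex of the ASCII characters, and the hex of the four raw address bytes from the Calculator method. The function names are made up for illustration, and the thread does not settle which encoding a given option needs.

```python
import ipaddress

def ascii_to_hex(text: str) -> str:
    """Hex of the ASCII characters, e.g. the boot file name 'pxelinux.0'."""
    return text.encode("ascii").hex()

def ipv4_to_hex(addr: str) -> str:
    """Hex of the four raw address bytes (Calculator method, one byte at a time)."""
    return ipaddress.IPv4Address(addr).packed.hex().upper()

def describe_hex(value: str) -> dict:
    """Decode a hex option value both ways so the encoding in use is visible."""
    raw = bytes.fromhex(value.strip().strip("'"))
    out = {"length": len(raw), "as_text": None, "as_ipv4": None}
    if raw and all(0x20 <= b < 0x7F for b in raw):   # printable ASCII only
        out["as_text"] = raw.decode("ascii")
    if len(raw) == 4:                                # exactly one IPv4 address
        out["as_ipv4"] = str(ipaddress.IPv4Address(raw))
    return out

def option_line(slot: int, code: int, hex_value: str) -> str:
    """Build a line in the `set optionN <code> '<hex>'` form seen in the thread."""
    if not 1 <= code <= 254:
        raise ValueError("DHCP option code out of range")
    bytes.fromhex(hex_value)  # ValueError on odd length or non-hex characters
    return f"set option{slot} {code} '{hex_value}'"

if __name__ == "__main__":
    # Values below are the ones quoted in the thread.
    for value in ("3139322e3136382e312e3536", "0A320A02", "7078656c696e75782e30"):
        print(value, describe_hex(value))
    print(option_line(2, 67, ascii_to_hex("pxelinux.0")))
    print(option_line(1, 60, ipv4_to_hex("10.50.10.2")))
```

Decoding a value before pasting it shows at once whether it is 12 bytes of text or 4 bytes of address, which is the difference between the two posters' strings.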
    g3rman
    New Member
    November 29, 2012
    Here is another good blog article on HEX options in the FortiOS DHCP server. http://firewallguru.blogspot.com/2010/02/custom-dhcp-options-in-fortispeak.html
    ipranger (Author)
    New Member
    December 11, 2012
    Thanks for help. I now understand how the options work. But it still does not work. I've tested with many options and variations, but the machines do not boot. I tested it with a new hpz220 and it was the same. What should I do? Can the FortiGate not provide this service? Strange...
    Many greetings
    lindblom
    New Member
    March 7, 2013
    ORIGINAL: ipranger
    > Thanks for help. I now understand how the options work. But it still does not work. I've tested with many options and variations, but the machines do not boot. I tested it with a new hpz220 and it was the same. What should I do? Can the FortiGate not provide this service? Strange... Many greetings

    I can confirm the exact same issue. On version 4 it worked fine, but after upgrading to 5, our WDS (Windows Deployment Services) stopped working. Exact same error message. Do you have any idea when the patch will come out? Thanks!
    /Stefan Lindblom
    ipranger (Author)
    New Member
    February 26, 2013
    We added a bug report, #192750. It should be fixed in the next patch.
    Matthijs
    New Member
    March 7, 2013
    This is a confirmed bug that will be fixed in 5.0.2. It is scheduled to be released this week ;)
    Carl_Wallmark
    New Member
    March 7, 2013
    I think tomorrow