pjang
Staff & Editor
Article Id 427805
Description

This article describes a known issue in FortiOS v7.4 and v7.6 (but not v7.2 or earlier) where changing the DHCP mode on a FortiGate interface from Server to Relay does not actually disable the DHCP Server functionality. This can lead to a scenario where the FortiGate is still serving DHCP addresses itself for the local network, rather than relaying requests to the external DHCP server.

Scope: FortiOS v7.4 and v7.6.
Solution

In the FortiOS web GUI, DHCP server/relay functionality is configured by navigating to Network -> Interfaces and configuring the setting on a per-interface basis. From this central location, it is possible to select the DHCP mode (Server or Relay) and fill in the appropriate details for that mode:

[Image: DHCP Mode Toggle]

However, in the CLI, these configurations are split across different sections (config system interface for DHCP relay, config system dhcp server for DHCP server), which means that the FortiGate GUI must adjust each section separately whenever the administrator changes between modes. For reference, the following is the expected behavior when changing to/from DHCP Server and Relay modes on a given interface:

 

When changing the mode from Server -> Relay, the FortiGate configuration should disable the existing DHCP server configuration and enable/set the dhcp-relay-ip and dhcp-relay-service settings on the interface. The CLI equivalent is as follows:

config system dhcp server
    edit <id>
        set status disable
    next
end

config system interface
    edit <interface_name>
        set dhcp-relay-service enable
        set dhcp-relay-ip <ip_address>
    next
end


When changing the mode from Relay -> Server, the FortiGate configuration should enable the existing DHCP server entry (or create a new one) and disable/unset the dhcp-relay-service setting on the interface (dhcp-relay-ip is preserved but hidden while dhcp-relay-service is disabled):

config system dhcp server
    edit <id>
        set status enable
    next
end

config system interface
    edit <interface_name>
        unset dhcp-relay-service
    next
end


The issue:

In FortiOS v7.4 and v7.6, an issue exists when changing the DHCP mode from Server -> Relay in the GUI, specifically when that interface has an existing entry under config system dhcp server. There is no issue in the opposite direction (Relay -> Server).

 

This scenario commonly occurs when the FortiGate interface was previously set up as a DHCP server for the network and the administrator later decides to switch that interface to DHCP relaying instead. When the administrator applies this change, the GUI does not run set status disable for the DHCP server entry. As a result, the DHCP server remains active on the interface at the same time as the DHCP relay, which can cause address conflicts and general confusion.

 

Resolution and workarounds:

This issue has been identified as part of Issue #1199029 and is resolved as of FortiOS v7.4.10, v7.6.5, and all later versions, such that the GUI now correctly disables the DHCP server entry when changing to Relay mode.

 

To work around the issue, use one of the following methods:

 

Option 1 (GUI):

  • Navigate to Network -> Interfaces, edit the interface with the existing DHCP server entry, then toggle off the DHCP Server section of the interface config and select OK to commit the change.
  • Edit the interface again, then toggle the DHCP Server back on. Select Advanced, then change the Mode to Relay and set the appropriate external DHCP server IP address.
  • This procedure deletes the existing DHCP server entry associated with the interface in the first step, then in the second step applies the new Relay setting without creating a new DHCP server entry.

 

Option 2 (CLI): In the CLI, navigate to config system dhcp server, locate the entry associated with the interface, then manually run set status disable to disable that entry and prevent the DHCP server functionality from interfering with the DHCP relay on that interface (see the CLI commands in the Server -> Relay section above).
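To verify whether a FortiGate is in the inconsistent state described above (relay enabled on an interface while a DHCP server entry bound to that interface is still active), the following script audits a configuration backup offline and emits the Option 2 CLI fix for any conflicts it finds. This is an added example, not Fortinet's code or part of the original article. It assumes the standard backup layout in which each config system dhcp server entry is bound to its interface with set interface "<name>", that FortiOS omits default values from backups so a DHCP server entry with no status line is enabled, and the sample configuration embedded below is constructed for illustration.

```python
"""Audit a FortiOS configuration backup for interfaces that relay DHCP while
a DHCP server entry bound to the same interface is still enabled."""
import shlex


def parse_fortios_config(text):
    """Parse FortiOS 'config / edit / set / next / end' text into
    {section: {entry_id: {key: value}}}.

    Only the top-level settings of each table entry are kept; nested
    sub-tables (e.g. 'config ip-range' inside a DHCP server entry) are
    skipped, since the audit does not need them."""
    sections = {}
    section_stack = []   # names of the open top-level sections
    current = None       # settings dict of the entry being read, if any
    nested = 0           # depth of sub-tables inside the current entry
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and header comments
            continue
        tokens = shlex.split(line)
        cmd, args = tokens[0], tokens[1:]
        if nested:
            # Inside a sub-table of the current entry: only track its depth.
            if cmd == "config":
                nested += 1
            elif cmd == "end":
                nested -= 1
            continue
        if cmd == "config":
            if current is not None:
                nested = 1                     # entering a sub-table
            else:
                section_stack.append(" ".join(args))
                sections.setdefault(section_stack[-1], {})
        elif cmd == "edit" and section_stack:
            current = sections[section_stack[-1]].setdefault(args[0], {})
        elif cmd == "set" and current is not None:
            current[args[0]] = " ".join(args[1:])
        elif cmd == "unset" and current is not None:
            current.pop(args[0], None)
        elif cmd == "next":
            current = None
        elif cmd == "end" and section_stack:
            section_stack.pop()
    return sections


def find_dhcp_conflicts(sections):
    """Return (interface, dhcp_server_id) pairs where dhcp-relay-service is
    enabled on the interface but a DHCP server entry for that interface is
    still enabled. Assumption: FortiOS omits defaults from backups and the
    DHCP server 'status' defaults to enable, so a missing status counts as
    enabled."""
    interfaces = sections.get("system interface", {})
    servers = sections.get("system dhcp server", {})
    conflicts = []
    for name, iface in interfaces.items():
        if iface.get("dhcp-relay-service") != "enable":
            continue
        for server_id, server in servers.items():
            if server.get("interface") == name and server.get("status", "enable") == "enable":
                conflicts.append((name, server_id))
    return conflicts


def remediation_cli(conflicts):
    """Build the CLI fix from the article's Option 2: disable each conflicting
    DHCP server entry so only the relay stays active on the interface."""
    if not conflicts:
        return ""
    lines = ["config system dhcp server"]
    for _, server_id in conflicts:
        lines += [f"    edit {server_id}", "        set status disable", "    next"]
    lines.append("end")
    return "\n".join(lines)


# Constructed sample backup (not from a real device): port2 shows the state the
# article describes (relay enabled, server entry 1 still active); port3 is the
# correctly converted case (server entry 2 disabled).
SAMPLE_CONFIG = """\
config system interface
    edit "port2"
        set vdom "root"
        set ip 192.168.2.1 255.255.255.0
        set dhcp-relay-service enable
        set dhcp-relay-ip "10.10.10.5"
    next
    edit "port3"
        set vdom "root"
        set ip 192.168.3.1 255.255.255.0
        set dhcp-relay-service enable
        set dhcp-relay-ip "10.10.10.5"
    next
end
config system dhcp server
    edit 1
        set interface "port2"
        config ip-range
            edit 1
                set start-ip 192.168.2.10
                set end-ip 192.168.2.100
            next
        end
    next
    edit 2
        set status disable
        set interface "port3"
    next
end
"""

if __name__ == "__main__":
    found = find_dhcp_conflicts(parse_fortios_config(SAMPLE_CONFIG))
    for interface, server_id in found:
        print(f"{interface}: DHCP relay enabled but DHCP server entry {server_id} is still active")
    print(remediation_cli(found))
```

Run it against a full backup (execute backup config flash or the GUI download) by reading the file into parse_fortios_config in place of SAMPLE_CONFIG; on the constructed sample it reports port2 only, since entry 2 for port3 already carries set status disable.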

 

Related articles:

Troubleshooting Tip: DHCP relay issue

Technical Tip: Understanding DHCP Server and DHCP Relay functionality on FortiGate