Technical Tip: Configure DHCP relay traffic to use SD-WAN rules

sagha · ‎08-10-2021

Description
This article explains that when DHCP relay is configured on an interface, FortiGate can use any interface to forward its traffic.

With DHCP relay configured on an interface, FortiGate will forward the traffic based on routing table even if there is a specific SD-WAN rule configured.

As an example, dhcp-relay is configured on the VLAN interface:

# config system interface
   edit "vlan-60"
        set vdom "root"
        set dhcp-relay-service enable
        set ip 10.10.60.254 255.255.255.0
        set allowaccess ping
        set device-identification enable
        set dhcp-relay-interface-select-method auto
        set dhcp-relay-ip "172.16.10.1" "172.16.10.2 "
        set interface "port1"
        set vlanid 60
   next

Since the traffic has to be relayed when it reaches FortiGate, it is considered as locally originated traffic.
Locally originated traffic would not match any SD-WAN rule.

Solution
By default 'set dhcp-relay-interface-select-method auto' is configured that means that traffic would be following the best interface available.

The following options are available to route the traffic for DHCP relay:

1) Auto - Set the outgoing interface automatically (default).
2) SD-WAN - Set the interface by SD-WAN or policy routing rules.
3) Specify - Set the interface manually.

In order to make sure that traffic matches the SD-WAN rule, following changes need to be made to the configuration on the interface where dhcp-relay is configured.

# config system interface
   edit "vlan-60"
        set dhcp-relay-interface-select-method sdwan
   end

Related document.
https://docs.fortinet.com/document/fortigate/7.0.1/administration-guide/848980/self-originating-traf...

Technical Tip: Configure DHCP relay traffic to use SD-WAN rules

You are leaving our website