ssriswadpong
Staff & Editor
Article Id 411960
Description This article explains why DHCP relay stops working after an upgrade to v7.4.4 or later when the configured relay target is a destination-NATed address of the DHCP server rather than the server's real IP address.
Scope FortiGate.
Solution

Sample of affected topology (the original diagram is not reproduced; the addresses are those used in the text below):

DHCP client --- FortiGate1 (DHCP relay to 192.168.100.200) --- FortiGate2 (VIP 192.168.100.200 -> 172.16.100.200) --- DHCP server 172.16.100.200
 

The DHCP relay is configured on FortiGate1 under the interface settings. The relay IP address is not the real IP address of the DHCP server but a NATed address, 192.168.100.200, that is translated by FortiGate2.

 

Virtual IP is configured on FortiGate2 to translate the DHCP server IP address 172.16.100.200 to 192.168.100.200.

 

After upgrading to v7.4.4 or later, the error message 'Error: can't find a matching server in the relay' appears in the DHCP relay debug output.

 

Commands:

 

diagnose debug application dhcprelay -1
diagnose debug enable

 

Output:

 

(xid:06958b1e) Server ip 172.16.100.200 found in packet
(xid:06958b1e) Server IP 172.16.100.200, Error: can't find a matching server in the relay

 

This is the expected behavior in v7.4.4 and later, because known issue ID 854334 was resolved in that release (listed under Resolved issues in the v7.4.4 release notes).

 

  • Before v7.4.4, a DHCP request was forwarded to all configured relay servers, even when the packet carried option 54 (DHCP server identifier).
  • From v7.4.4, FortiOS forwards the request only to the configured relay server whose address matches option 54.

In the topology above, option 54 in the client's DHCPREQUEST carries the server's real address, 172.16.100.200, which the client copied from the DHCPOFFER (the VIP on FortiGate2 rewrites the IP header, not the DHCP payload; the debug line 'Server ip 172.16.100.200 found in packet' shows this). The only relay server configured on FortiGate1 is 192.168.100.200, so no relay server matches and the request is dropped.

 

The workaround is to enable the option that forwards each request to all configured relay servers regardless of option 54. This restores the pre-v7.4.4 behavior on that interface only, so it must be set on every interface that relays to the NATed address.

 

Commands:

 

config system interface
    edit <interface name>
        set dhcp-relay-request-all-server enable
    next
end
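The matching change described in the two bullets above, and the effect of dhcp-relay-request-all-server, can be reproduced offline with a small model. The following is an added example and is not FortiOS code or part of the original article: it parses option 54 out of a constructed DHCPREQUEST, then applies the two relay policies (match option 54 only, or forward to all servers) to the article's relay list. The packet bytes, the client MAC and the select_relay_targets decision rules (including forwarding packets without option 54 to all servers) are assumptions made for the illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie that precedes the options
OPT_MSG_TYPE = 53
OPT_SERVER_ID = 54
OPT_END = 255
DHCPREQUEST = 3


def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_bytes} for the options field of a DHCP packet."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    opts = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == 0:                      # pad option is a single byte
            i += 1
            continue
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def server_identifier(payload: bytes):
    """Option 54 as a dotted-quad string, or None if the packet has no option 54."""
    sid = parse_dhcp_options(payload).get(OPT_SERVER_ID)
    return str(ipaddress.IPv4Address(sid)) if sid else None


def select_relay_targets(payload: bytes, relay_servers, request_all_server=False):
    """Model of the relay decision (assumption for this example, not FortiOS code).

    Pre-7.4.4, or with dhcp-relay-request-all-server enabled: every configured
    relay server. 7.4.4+ default: only the server whose address equals option
    54; an empty result means the request is dropped ("can't find a matching
    server in the relay"). Packets without option 54 are sent to all servers.
    """
    sid = server_identifier(payload)
    if request_all_server or sid is None:
        return list(relay_servers)
    return [s for s in relay_servers if s == sid]


def build_dhcp_request(client_mac: bytes, server_id=None) -> bytes:
    """Constructed DHCPREQUEST used as sample input (not a real capture)."""
    # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0, xid, secs, flags,
    # ciaddr, yiaddr, siaddr, giaddr (xid borrowed from the debug output above)
    header = struct.pack("!BBBBIHH4s4s4s4s", 1, 1, 6, 0, 0x06958B1E, 0, 0,
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4)
    chaddr = client_mac.ljust(16, b"\0")
    sname_file = b"\0" * (64 + 128)
    options = bytes([OPT_MSG_TYPE, 1, DHCPREQUEST])
    if server_id is not None:
        options += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    options += bytes([OPT_END])
    return header + chaddr + sname_file + MAGIC_COOKIE + options


if __name__ == "__main__":
    relay_servers = ["192.168.100.200"]        # NATed address configured on FortiGate1
    mac = bytes.fromhex("001122334455")        # constructed client MAC
    # The client copies option 54 from the OFFER, which carries the server's real
    # address: the VIP on FortiGate2 rewrites the IP header, not the DHCP payload.
    req = build_dhcp_request(mac, server_id="172.16.100.200")
    print("option 54:", server_identifier(req))
    print("7.4.4+ default:", select_relay_targets(req, relay_servers))
    print("request-all-server:", select_relay_targets(req, relay_servers, True))
```

Running the script shows the empty target list under the 7.4.4+ rule and the single NATed server once request_all_server is set, which is exactly the difference the dhcp-relay-request-all-server setting makes.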