Description |
This article describes two workarounds that allow a DHCP client to obtain an IP address from the DHCP server (upstream device) when the FortiGate is in policy-based mode and a virtual-wire pair interface is used to aggregate the interfaces that interconnect the client and the DHCP server.
Topology:
Laptop (DHCP Client) -> Switch -> FortiGate Virtual-Wire Pair -> Router (DHCP Server)
Only a few steps are necessary to configure the virtual-wire pair interface:
Note: NAT is not available for Virtual Wire Pair interfaces when the firewall is in policy-based mode. When the DHCP client is trying to get an IP address from the DHCP server (upstream device) through the virtual-wire pair interface, the following issues will appear:
|
Scope | FortiGate v5.2 and above. |
Solution |
As a first workaround, use the FortiGate in profile-based mode. In profile-based mode, DHCP does not present any issues, as shown in the image below:
As a second workaround, a software switch interface can be used in implicit intra-switch policy mode. If the software switch interface is in explicit intra-switch policy mode, the issue described in the documentation below may occur:
|
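The two workarounds expressed as FortiOS CLI configuration. This is an added example, not taken from the original article. The VDOM name "root", the switch name "sw-dhcp" and the members "port3"/"port4" are assumed placeholders, and the lines starting with # are annotations, not commands.

```fortios
# Workaround 1: run the FortiGate (or the affected VDOM) in profile-based mode.
config system settings
    set ngfw-mode profile-based
end

# Workaround 2: replace the virtual-wire pair with a software switch in
# implicit intra-switch policy mode.
# Assumption: port3 faces the switch/DHCP client and port4 faces the
# router/DHCP server, and both ports have already been released from the
# virtual-wire pair and from any policy that references them.
config system switch-interface
    edit "sw-dhcp"
        set vdom "root"
        set member "port3" "port4"
        # implicit: traffic between members is forwarded without firewall policies.
        # explicit: the setting the article warns about; do not use it here.
        set intra-switch-policy implicit
    next
end
```

With implicit intra-switch policy, traffic between the member ports is not inspected by firewall policies, so the second workaround trades the per-policy control of the virtual-wire pair for working DHCP.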
Copyright 2024 Fortinet, Inc. All Rights Reserved.