FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 310376
Description This article describes how to configure the DHCP server on FortiGate to proper send the TFTP server to provision IP phones.
Scope FortiGate, FortiOS v6.4, v7.0, v7.2.

Some IP phones need to receive a TFTP server IP on the DHCP OFFER. Most of the IP phones take this parameter as DHCP option 43 with sub-option 66.


This can be configured in FortiOS as follows:


config system dhcp server

edit 3

set lease time <number of seconds>
set default-gateway <DG IP>
set next-server <next server IP>
set netmask < y.y.y.y >
set interface <interface name>

config ip-range

edit 1

set start-ip <x.x.x.x>
set end-ip <x.x.y.y>



config options

edit 1

set code 43
set value "4204ac102001"



set dns-server1 <dns server IP>





The above configuration sends the DHCP OFFER the TFTP IP as option 43 suboption 66.

The HEX string '4204ac102001' should be interpreted as follows:


42 = 66 in decimal <- Sub-option 66.

04 = 04 in decimal <- Next 4 bytes.

AC = 172 in decimal

10 = 16 in decimal

20 = 32 in decimal

01 = 01 in decimal


The generated DHCP offer seen from Wireshark should look like the following:




The capture shows the string from the HEX dump with the preamble '2B 06' which is option 43, 6 bytes length.

The TFTP IP is not displayed in Wireshark as option 43 is a generic vendor specific option, so it could contain anything: Wireshark is not able to understand how to parse the HEX string.