gmanea
Staff
Article Id 197856

Description

 

This article describes how to configure FortiGate as a DHCP server via both the GUI and the CLI.

In large environments, it is difficult to assign a static IP address to each user individually. A DHCP server is therefore used to provide dynamic IP addresses to each host in the network.

 

Scope

 

FortiGate.

Solution

 

A DHCP server provides an address from a defined address range to a client on the network when requested. One or more DHCP servers can be configured on any FortiGate interface.


A DHCP server dynamically assigns IP addresses to hosts on the network connected to the interface.
The host computers have to be configured to obtain their IP addresses using DHCP.

 

A FortiGate interface can also be configured as a DHCP relay.
The interface forwards DHCP requests from DHCP clients to an external DHCP server and returns the responses to the DHCP clients.
The DHCP server must have appropriate routing so that its response packets to the DHCP clients arrive at the unit.

 

It is possible to enable DHCP relay under Network -> Interface, as shown below.

 

[Screenshot: DHCP relay on FortiGate]


Follow the steps below to configure the FortiGate interface as a DHCP server from the GUI.

Step 1: Go to Network -> Interface.
Step 2: On 'Edit the Interface', enable the option 'DHCP Server'.
Step 3: Once the 'DHCP Server' option is enabled, the Address range, Netmask, Default Gateway, Lease time, and DNS Server fields are auto-filled as per the IP class, based on the IP address provided in the IP/Network Mask field.

Step 4: If any of the above parameters need to be changed, those fields can be edited individually.

 
[Screenshot: DHCP server settings on the interface]

 

To add a DHCP server from the CLI:

config system dhcp server
    edit 1
        set dns-service default
        set default-gateway 192.168.1.1
        set netmask 255.255.255.0
        set interface "port1"
        config ip-range
            edit 1
                set start-ip 192.168.1.2
                set end-ip 192.168.1.254
            next
        end
    next
end
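
The following Python example is added here and is not from the original article or from Fortinet. It parses a 'config system dhcp server' block in the syntax shown above and flags address pools that leave the subnet or contain the default gateway, which is a useful review step before pasting a pool into a production unit. The function names parse_dhcp_servers and audit, and the checks themselves, are assumptions of this example.

```python
import ipaddress

# Constructed sample: the DHCP server block from this article, trimmed.
SAMPLE = """config system dhcp server
    edit 1
        set default-gateway 192.168.1.1
        set netmask 255.255.255.0
        config ip-range
            edit 1
                set start-ip 192.168.1.2
                set end-ip 192.168.1.254
            next
        end
    next
end
"""

def parse_dhcp_servers(text):
    """Collect each server's 'set' values and its ip-range entries."""
    servers, stack, target = [], [], None
    for tok in (ln.split() for ln in text.splitlines() if ln.strip()):
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
            target = None  # nothing is selected until the next "edit"
        elif tok[0] == "end" and stack:
            stack.pop()
            target = servers[-1] if stack == ["system dhcp server"] and servers else None
        elif tok[0] == "edit" and stack == ["system dhcp server"]:
            servers.append(target := {"id": tok[1], "ranges": []})
        elif tok[0] == "edit" and stack == ["system dhcp server", "ip-range"] and servers:
            servers[-1]["ranges"].append(target := {})
        elif tok[0] == "set" and len(tok) >= 3 and target is not None:
            target[tok[1]] = tok[2].strip('"')
    return servers

def audit(server):
    """Return findings for one server; the checks are this example's own choice."""
    if not server.keys() >= {"default-gateway", "netmask"}:
        return ["default-gateway or netmask is not set"]
    gw = ipaddress.ip_address(server["default-gateway"])
    net = ipaddress.ip_network(f'{gw}/{server["netmask"]}', strict=False)
    findings = []
    for r in server["ranges"]:
        lo, hi = (ipaddress.ip_address(r[k]) for k in ("start-ip", "end-ip"))
        findings += [msg for bad, msg in (
            (lo > hi, "start-ip is above end-ip"),
            (not (lo in net and hi in net), f"range leaves subnet {net}"),
            (lo <= gw <= hi, "pool contains the default gateway address"),
        ) if bad]
    return findings
```

Calling audit() on each entry returned by parse_dhcp_servers() gives an empty list for the configuration in this article; any non-empty list names the setting to correct.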
 
 
Note:
As of v7.4.0, the DHCP server includes a shared subnet feature that allows FortiGate to dynamically allocate IP addresses from multiple subnets on the same interface or VLAN. It automatically switches to a different DHCP server or pool when the primary pool is full, offering increased flexibility in IP allocation for high-demand environments without requiring additional configurations.

 
To configure it from the CLI:
 

config system dhcp server
    edit <id>
        set shared-subnet {enable | disable}
        set relay-agent <IP_address>
    next
end

 


 

To view all the DHCP addresses leased by the FortiGate, execute the following command:
 

execute dhcp lease-list

 

Note:
The 'DHCP server' option cannot be enabled or used on DMZ interfaces. For interfaces with the DMZ role, DHCP server and Security mode are not available (by design). If a DHCP server is required on that physical interface, change its role from DMZ to LAN, WAN, or Undefined.

 

To troubleshoot DHCP-related issues, consult the following helpful articles:
 
