Description
This article describes how to configure FortiGate as a DHCP server via both the GUI and the CLI.
In large environments, it is difficult to assign static IP addresses for each user individually. Hence, the DHCP server is used to provide a dynamic IP address to each host in the network.
Scope
FortiGate.
Solution
A DHCP server provides an address from a defined address range to a client on the network when requested. There is a possibility to configure one or more DHCP servers on any FortiGate interface.
A DHCP server dynamically assigns IP addresses to hosts on the network connected to the interface.
The host computers have to be configured to obtain their IP addresses using DHCP.
A FortiGate interface can also be configured as a DHCP relay.
The interface forwards DHCP requests from DHCP clients to an external DHCP server and returns the responses to the DHCP clients.
The DHCP server must have appropriate routing so that its response packets to the DHCP clients arrive at the unit.
It is possible to enable DHCP relay under Network -> Interface, as shown below.
Refer to the steps to configure the FortiGate interface as a DHCP server from the GUI.
Step 1: Go to Network -> Interface.
Step 2: On 'Edit the Interface', enable the option 'DHCP Server'.
Step 3: Once the 'DHCP Server' option is enabled, the Address range, Netmask, Default Gateway, Lease time, and DNS Server are auto-filled as per the IP Class, based on the IP address provided in the IP/Network Mask field.
Step 4: If the above parameters need to be re-configured, then those fields can be individually edited.
To add a DHCP server from CLI:
config system dhcp server
edit 1
set dns-service default
set default-gateway 192.168.1.1
set netmask 255.255.255.0
set interface "port1"
config ip-range
edit 1
set start-ip 192.168.1.2
set end-ip 192.168.1.254
next
end
next
end
edit 1
set dns-service default
set default-gateway 192.168.1.1
set netmask 255.255.255.0
set interface "port1"
config ip-range
edit 1
set start-ip 192.168.1.2
set end-ip 192.168.1.254
next
end
next
end
Note:
As of v7.4.0, the DHCP server includes a shared subnet feature that allows FortiGate to dynamically allocate IP addresses from multiple subnets on the same interface or VLAN. It automatically switches to a different DHCP server or pool when the primary pool is full, offering increased flexibility in IP allocation for high-demand environments without requiring additional configurations.
As of v7.4.0, the DHCP server includes a shared subnet feature that allows FortiGate to dynamically allocate IP addresses from multiple subnets on the same interface or VLAN. It automatically switches to a different DHCP server or pool when the primary pool is full, offering increased flexibility in IP allocation for high-demand environments without requiring additional configurations.
To configure it with CLI:
config system dhcp server
edit <id>
set shared-subnet {enable | disable}
set relay-agent <IP_address>
next
end
A FortiGate interface can also be configured as a DHCP relay.
The interface forwards DHCP requests from DHCP clients to an external DHCP server and returns the responses to the DHCP clients.
The DHCP server must have appropriate routing so that its response packets to the DHCP clients arrive at the unit.
DHCP relay can be enabled under Network -> Interface as shown below.
To view all the DHCP addresses leased by the FortiGate, execute the following command:
execute dhcp lease-list
Note:
- The 'DHCP server' option cannot be enabled/used on DMZ interfaces. For the interfaces with the DMZ role, the DHCP server and Security mode are not available (by design). If a DHCP server is required on that physical interface, change its role from DMZ to LAN, WAN, or Undefined.
- The DHCP server cannot be configured on Loopback interfaces.
- It is not possible to have two interfaces configured for the same DHCP server.
- An interface can be configured as a DHCP server AND a DHCP relay at the same time. If the interface is configured as a DHCP server before and needs to be changed to a DHCP relay only, the DHCP server configuration needs to be fully deleted; otherwise, the clients will receive DHCP offers from both the FortiGate and the relayed server.
To troubleshoot DHCP-related issues, consult the following helpful articles:
Technical Tip: Understanding DHCP Server and DHCP Relay functionality on FortiGate
Technical Tip: Diagnosing DHCP on a FortiGate
Related documents:
DHCP servers and relays
Troubleshooting Tip: DHCP Server option not showing on interface GUI
