FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to configure a FortiGate to assign an unlimited DHCP lease duration only for clients with reserved IP addresses (MAC-IP bindings), while assigning a limited lease duration for all other dynamically assigned addresses.
Scope
FortiGate.
Solution
To configure different DHCP lease durations based on whether an IP is reserved or dynamically assigned:
Configure the DHCP server with two separate IP ranges:
A small range (for example, 10 IP addresses) will be used for reserved IP addresses (MAC-IP bindings).
A larger range will be used for dynamically assigned IP addresses.
Do not configure a lease-time on the reserved range to make it unlimited.
Explicitly configure the lease-time (in seconds) for the dynamic range.
Configure the MAC-IP bindings to use IP addresses from the reserved range.
Example Configuration:
config system dhcp server edit 1 set interface "port3" set default-gateway 172.31.205.234 set netmask 255.255.240.0
config ip-range edit 1 set start-ip 172.31.192.1 set end-ip 172.31.192.10 next edit 2 set start-ip 172.31.192.11 set end-ip 172.31.192.254 set lease-time 3600 next end next end
Note:
Separate DHCP lease times for distinct IP ranges can be configured only via CLI
Add MAC-IP reservations: Use IPs only from the reserved pool (172.31.192.1 to 172.31.192.10 in this example).
config system dhcp reserved-address edit 1 set mac 00:11:22:33:44:55 set ip 172.31.192.2 set interface "port3" next edit 2 set mac 00:11:22:33:44:66 set ip 172.31.192.3 set interface "port3" next end
