Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jcovarrubias
Staff
Staff

Created on ‎07-16-2025 07:28 AM Edited on ‎07-23-2025 08:27 AM By Moderator

Article Id 401388

Technical Tip: How to release a DHCP IP address when FortiGate is DHCP Client

Description This article describes how to release an IP address when FortiGate is the DHCP client.
Scope FortiGate.
Solution

When switching FortiGates, certain ISP providers require the FortiGate to release the DHCP address to assign the same IP to the new FortiGate.

 

How to configure the FortiGate to release an IP assigned by a DHCP server:

 

Switch the IP address in the Interface configuration settings from DHCP to Manual.

 

For example, the FortiGate below was assigned the IP address 10.4.9.23. 

 

july 14.png

 

In the CLI, set the mode to static and set the IP addresses as below:

 

F4 (port1) # set mode ?
static Static setting. <----- Manual IP assignment.
dhcp External DHCP client mode.
pppoe External PPPoE mode.

F4 (port1) # set mode static

F4 (port1) # set ip 10.4.9.1/24

F4 (port1) # show
config system interface

    edit "port1"
        set vdom "root"
        set ip 10.4.9.1 255.255.255.0
        set allowaccess ping https ssh http telnet
        set type physical
        set snmp-index 1
   next
end

 

After changing the IP address from DHCP to Manual, the following can be seen on a Sniffer trace.

 

Unicast packet from the FortiGate to DHCP server releasing the IP using option 53:

 

Frame 5: 590 bytes on wire (4720 bits), 590 bytes captured (4720 bits)
Ethernet II, Src: 00:41:6c:6f:10:01 (00:41:6c:6f:10:01), Dst: 00:41:6c:6f:0f:02 (00:41:6c:6f:0f:02)
Internet Protocol Version 4, Src: 10.4.9.23, Dst: 10.4.9.2
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Release)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xba6ad46e
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 10.4.9.23
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 00:41:6c:6f:10:01 (00:41:6c:6f:10:01)
Client hardware address padding: 00000000000000000000
Server hostname not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Release)
Length: 1
DHCP: Release (7)
Option: (61) Client identifier
Option: (54) DHCP Server Identifier (10.4.9.2)
Option: (255) End
Padding […]:  

 

Or run the following commands in CLI to debug DHCP client traffic:

 

diagnose debug reset
diagnose debug application dhcpc -1

diagnose debug console timestamp enable
diagnose debug enable

 

To stop debugging:

 

diagnose debug reset
diagnose debug disable

 

Related article:
Technical Tip: Diagnosing DHCP on a FortiGate 
520
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.