ssanga
Staff & Editor
Article Id 358501
Description This article describes a known issue where the FortiGate intermittently fails to send a DHCP Offer when the DHCP server is configured on PoE ports of FortiGate 140E.
Scope FortiGate 140E-PoE.
FortiOS versions v7.2.6, v7.2.7, v7.2.8, v7.4.4
Solution

When a DHCP server is enabled on the PoE ports of a FortiGate 140E, the DHCP Offer may intermittently fail to reach the client: the dhcps daemon generates and sends the Offer, but the client never receives it, so it does not obtain an IP address.

Sample Configuration:


config system interface
    edit "port15"
        set vdom "root"
        set ip 192.168.90.1 255.255.255.0
        set allowaccess ping fabric
        set device-identification enable
        set type physical
        set snmp-index 50
    next
end

config system dhcp server
    edit 3
        set lease-time 3600
        set default-gateway 192.168.90.1
        set netmask 255.255.255.0
        set interface "port15"
        config ip-range
            edit 1
                set start-ip 192.168.90.2
                set end-ip 192.168.90.254
            next
        end
        set timezone-option default
    next
end

The DHCP Offer appears in the dhcps debug output and in a packet capture taken on the FortiGate interface; however, the same packet is not seen in a Wireshark capture on the user machine.

DHCPS debugs:


diagnose debug application dhcps -1
diagnose debug console timestamp enable
diagnose debug enable

2024-06-11 14:20:01 [note]DHCPDISCOVER from 2h:a1:e8:aa:da:46 via Port15(ethernet)
2024-06-11 14:20:01 [debug]client suggested lease time as 7776000
max lease time 3600
default lease time 3600
2024-06-11 14:20:01 [debug]deled ip 192.168.90.2 mac 2h:a1:e8:aa:da:46 in vd root
2024-06-11 14:20:01 [debug]added ip 192.168.90.2 mac 2h:a1:e8:aa:da:46 in vd root
2024-06-11 14:20:01 [debug]packet length 300
2024-06-11 14:20:01 [debug]op = 1 htype = 1 hlen = 6 hops = 0
2024-06-11 14:20:01 [debug]xid = 7c0a9f35 secs = 8704 flags = 0
.
2024-06-11 14:20:01 [debug]chaddr = 2h:a1:e8:aa:da:46
2024-06-11 14:20:01 [debug]filename =
2024-06-11 14:20:01 [debug]server_name =
2024-06-11 14:20:01 [debug] dhcp-lease-time = 7776000
2024-06-11 14:20:01 [debug] dhcp-message-type = 1
2024-06-11 14:20:01 [debug] dhcp-parameter-request-list = 1,121,3,6,15,108,114,119,252
2024-06-11 14:20:01 [debug] dhcp-max-message-size = 1500
2024-06-11 14:20:01 [debug] dhcp-client-identifier = 1:2h:a1:e8:aa:da:46
.
2024-06-11 14:20:01 [note]DHCPOFFER on 192.168.90.2 to 2h:a1:e8:aa:da:46 via Port15(ethernet)
.
2024-06-11 14:20:01 [debug]sending on Port15(ethernet)
2024-06-11 14:20:01 [debug]sending using lpf_dhcpd_send_packet
2024-06-11 14:20:05 [debug]locate_network prhtype(1) pihtype(1)
2024-06-11 14:20:05 [debug]find_lease(): leaving function with lease set
2024-06-11 14:20:05 [debug]find_lease(): the lease's IP is 192.168.90.8
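As an added example (not Fortinet's code and not part of the original article), the following Python script parses dhcps debug output in the format shown above and flags Offers the client evidently never received. From the FortiGate side alone it reports an Offer that is followed by another Discover from the same client instead of a Request; when a summary of the user-machine capture is also supplied, it reports any Offer whose transaction id never appears there. The sample debug lines, the DHCPREQUEST/DHCPACK line shapes (assumed from the ISC dhcpd format the daemon follows) and the client-side summary are constructed for the example.

```python
"""Correlate FortiGate dhcps debug output with a client-side capture summary to
find DHCP Offers the firewall sent but the client never received.
Added example for this article, not Fortinet code; all sample data is constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed dhcps debug excerpt (format as in the article; MAC anonymised the
# same way): the first client keeps re-sending DISCOVER for the same xid, the
# second client completes a normal Discover/Offer/Request/Ack exchange.
DHCPS_DEBUG = """\
2024-06-11 14:20:01 [note]DHCPDISCOVER from 2h:a1:e8:aa:da:46 via Port15(ethernet)
2024-06-11 14:20:01 [debug]xid = 7c0a9f35 secs = 8704 flags = 0
2024-06-11 14:20:01 [note]DHCPOFFER on 192.168.90.2 to 2h:a1:e8:aa:da:46 via Port15(ethernet)
2024-06-11 14:20:05 [note]DHCPDISCOVER from 2h:a1:e8:aa:da:46 via Port15(ethernet)
2024-06-11 14:20:05 [debug]xid = 7c0a9f35 secs = 8708 flags = 0
2024-06-11 14:20:05 [note]DHCPOFFER on 192.168.90.2 to 2h:a1:e8:aa:da:46 via Port15(ethernet)
2024-06-11 14:20:30 [note]DHCPDISCOVER from 00:11:22:33:44:55 via Port15(ethernet)
2024-06-11 14:20:30 [debug]xid = 1a2b3c4d secs = 0 flags = 0
2024-06-11 14:20:30 [note]DHCPOFFER on 192.168.90.3 to 00:11:22:33:44:55 via Port15(ethernet)
2024-06-11 14:20:30 [note]DHCPREQUEST for 192.168.90.3 (192.168.90.1) from 00:11:22:33:44:55 via Port15(ethernet)
2024-06-11 14:20:30 [note]DHCPACK on 192.168.90.3 to 00:11:22:33:44:55 via Port15(ethernet)
"""

# Constructed client-side summary: (xid, message type) pairs seen on the user
# machine, e.g. exported from Wireshark.  xid 7c0a9f35 shows Discover only.
CLIENT_CAPTURE = {
    ("7c0a9f35", "DHCPDISCOVER"),
    ("1a2b3c4d", "DHCPDISCOVER"), ("1a2b3c4d", "DHCPOFFER"),
    ("1a2b3c4d", "DHCPREQUEST"), ("1a2b3c4d", "DHCPACK"),
}

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[(?:note|debug)\]\s*(?P<body>.*)$")
MSG_RE = re.compile(r"^(?P<msg>DHCP[A-Z]+)\b.*?\b(?:from|to) "
                    r"(?P<mac>[0-9a-z]{2}(?::[0-9a-z]{2}){5}) via (?P<iface>\S+)")
IP_RE = re.compile(r"\b(?:on|for) (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")
XID_RE = re.compile(r"^xid = (?P<xid>[0-9a-f]+)")
CLIENT_MSGS = {"DHCPDISCOVER", "DHCPREQUEST", "DHCPDECLINE", "DHCPRELEASE", "DHCPINFORM"}


def parse_dhcps_debug(text):
    """Turn the [note] DHCP lines into events.  The [debug] 'xid =' dump that
    follows a received packet is attached to that packet; a server reply (or a
    client message without a dump) inherits the last xid seen from that MAC."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        mm = MSG_RE.match(body)
        if mm:
            ip = IP_RE.search(body)
            events.append({"ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                           "msg": mm.group("msg"), "mac": mm.group("mac"),
                           "iface": mm.group("iface"), "ip": ip.group("ip") if ip else None,
                           "xid": None})
            continue
        mx = XID_RE.match(body)
        if mx and events and events[-1]["msg"] in CLIENT_MSGS and events[-1]["xid"] is None:
            events[-1]["xid"] = mx.group("xid")
    last_client_xid = {}
    for ev in events:
        if ev["xid"] is None:
            ev["xid"] = last_client_xid.get(ev["mac"])
        elif ev["msg"] in CLIENT_MSGS:
            last_client_xid[ev["mac"]] = ev["xid"]
    return events


def undelivered_offers(events, client_capture=None, window_s=60):
    """Return the OFFERs that apparently never reached the client.
    Server-side heuristic: an OFFER whose next message from that MAC (within
    window_s) is another DISCOVER rather than a REQUEST was not acted on.
    With a client capture summary, an OFFER (by xid) absent from it is lost."""
    by_mac = defaultdict(list)
    for ev in events:
        by_mac[ev["mac"]].append(ev)
    findings = []
    for mac, evs in by_mac.items():
        for i, ev in enumerate(evs):
            if ev["msg"] != "DHCPOFFER":
                continue
            reasons = []
            nxt = next((e for e in evs[i + 1:] if e["msg"] in CLIENT_MSGS), None)
            if (nxt is not None and nxt["msg"] == "DHCPDISCOVER"
                    and (nxt["ts"] - ev["ts"]).total_seconds() <= window_s):
                reasons.append("client re-sent DISCOVER after the OFFER")
            if client_capture is not None and (ev["xid"], "DHCPOFFER") not in client_capture:
                reasons.append("OFFER absent from the client capture")
            if reasons:
                findings.append({"ts": ev["ts"], "mac": mac, "xid": ev["xid"], "ip": ev["ip"],
                                 "iface": ev["iface"], "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in undelivered_offers(parse_dhcps_debug(DHCPS_DEBUG), CLIENT_CAPTURE):
        print(f"{f['ts']} {f['iface']} offer {f['ip']} -> {f['mac']} xid={f['xid']}: {f['reason']}")
```

Run against the constructed data, the script reports both Offers sent to 2h:a1:e8:aa:da:46 for xid 7c0a9f35 and nothing for the client that completed its exchange. Without a client capture, only the first of those Offers is flagged, because the server-side heuristic needs the client's follow-up Discover to conclude anything; this is why TAC asks for captures from both ends.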

 

Packet capture on the FortiGate interface (screenshot: DHCP-FGT.PNG): the DHCP Offer is present.

Wireshark capture on the user machine (screenshot: DHCPDiscover.PNG): the client's DHCP Discover is seen, but the Offer is absent.
This issue has been resolved in FortiOS version 7.4.7 (available in the support portal).

Workaround:
Move the interface that serves DHCP to a non-PoE port.

Logs required by FortiGate TAC for investigation (items 1, 4 and 5 should be collected at the same time, while the issue is reproduced, so that the timestamps can be correlated):

 

  1. Debugs:

    diagnose debug application dhcps -1
    diagnose debug console timestamp enable
    diagnose debug enable

    Reproduce the issue (let the client send its DHCP Discover and wait for the Offer), then stop the debug:

    diagnose debug reset

    Clear the server's lease table so the client must go through a fresh Discover/Offer exchange, and record the leases the FortiGate believes it has issued:

    execute dhcp lease-clear all
    execute dhcp lease-list

  2. TAC report:

    execute tac report

  3. Configuration file of the FortiGate.

  4. Sniffer on the FortiGate, run while the issue is reproduced:

    diagnose sniffer packet any "port 67 or port 68" 6 0 l

    Interface 'any' with the port 67/68 filter captures the DHCP exchange on every interface; verbosity 6 prints the interface name and the full packet payload, count 0 runs until stopped with Ctrl-C, and 'l' adds local timestamps so the output can be matched against the dhcps debug and the client capture.

  5. Wireshark packet capture on the user machine.