epinheiro
Staff
Article Id 377870
Description: This article shows how to allow hosts in different subnets to reach the WDS server.
Scope: FortiGate, Windows Server, WDS.
Solution

Only a few steps are required on the FortiGate for PXE Boot in different subnets to work:

 

  1. Configure a firewall policy to allow traffic from the LAN/VLAN on which the host is connected to the WDS LAN/VLAN:

Client_LAN.jpg

 

To check which ports/services are required, see the following Microsoft document: Network Ports Used.

 

  2. On the Client LAN, DHCP Relay must be enabled and point to the IP of the WDS server. That server must have the DHCP role enabled and be properly configured to lease IP addresses for the client LAN.

Client_LAN.jpg

 

On Windows Server:

 

  1. DHCP Scope for Client LAN:

WS_DHCP.jpg

 

  2. DHCP scope options that must be added manually:
  • 066: WDS Server IP.
  • 067: '\Boot\x64\wdsnbp.com' (File located at C:\RemoteInstall\Boot\x64\wdsnbp.com on the WDS Server).
  • 060: 'PXEClient'.
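
One way to verify the result from a packet capture, as an added example that is not part of the original article: the Python code below parses the UDP payload of a DHCP reply and checks that it carries a relay address (giaddr) and options 060, 066 and 067 as set above. The function names and the sample addresses (192.0.2.10 for the WDS server, 198.51.100.1 for the relay) are assumptions made for the illustration.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options field

def parse_dhcp(payload: bytes):
    """Return (giaddr, {option code: value}) from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    giaddr = socket.inet_ntoa(payload[24:28])  # relay agent address field
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = End option
        if payload[i] == 0:  # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        code, length = payload[i], payload[i + 1]
        options[code] = options.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return giaddr, options

def check_pxe_reply(payload: bytes, wds_ip: str, boot_file=r"\Boot\x64\wdsnbp.com"):
    """List what differs from the settings in this article (empty list = OK)."""
    giaddr, options = parse_dhcp(payload)
    problems = []
    if giaddr == "0.0.0.0":
        problems.append("giaddr is 0.0.0.0: the request did not pass through a DHCP relay")
    for code, want in ((60, "PXEClient"), (66, wds_ip), (67, boot_file)):
        got = options.get(code)
        if got is None:
            problems.append(f"option {code:03d} missing")
        elif got.rstrip(b"\x00").decode("ascii", "replace") != want:
            problems.append(f"option {code:03d} is {got!r}, expected {want!r}")
    return problems

def build_sample_reply(giaddr: str, options: dict) -> bytes:
    """Constructed test input: minimal BOOTREPLY header plus the given options."""
    header = bytearray(236)
    header[0] = 2  # op = BOOTREPLY
    header[24:28] = socket.inet_aton(giaddr)
    body = b"".join(bytes([c, len(v)]) + v for c, v in options.items())
    return bytes(header) + MAGIC_COOKIE + body + b"\xff"

if __name__ == "__main__":
    # Constructed values: 192.0.2.10 as WDS server, 198.51.100.1 as relay address
    good = {60: b"PXEClient", 66: b"192.0.2.10", 67: rb"\Boot\x64\wdsnbp.com"}
    print(check_pxe_reply(build_sample_reply("198.51.100.1", good), "192.0.2.10"))
```

The payload passed to `check_pxe_reply` is the UDP payload of a DHCP OFFER or ACK exported from a capture; an empty list means the reply matches the relay and scope options described in the steps above.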

 

WS_DHCP_ServerOptions.jpg

 

Result:

 

PXE_Boot.jpg

 

PXE_Boot_LoadingOS.jpg

 

Contact the Microsoft support team for additional information on the Windows side.
