Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
efelledi
New Contributor

Created on ‎01-05-2022 07:20 PM

Couldn't get IP address

I have FG 100 E, and I have it setup
DHCP Server
Address range 192.168.2.2-192.168.2.254
Netmask 255.255.255.0
is there something missing so that some devices sometimes can't get the IP address

Screenshot_20220106-085938_Settings.jpg

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Thanks.

Efel Ledi
Efel Ledi
Labels:
11051
0 Kudos
1 Solution
andrewbailey
Contributor II
In response to efelledi

Created on ‎01-06-2022 12:57 AM

Hi efelledi,

 

The key question is how many users and devices will access this interface over the course of 1 week?

 

At the moment you have set the “Lease Time” to 604800 seconds (7 days). That means that every device attaching to the interface will have an IP address reserved for the next 7 days.

 

So in your original config (subnet 255.255.255.0) you had 252 IP addresses available to be leased out.

 

If device number 253 tries connect to this interface over the course of a week (eg your phone) no addresses will be available to be leased out.

 

So Alex is right- you can make the subnet bigger if you need to allow for more devices.

 

Or if you only ever have a few guest devices that come and go each day with new devices the next make the lease time shorter to allow the IP addresses to be reused. 

 

I would typically use a 4 hour lease time (14400 seconds). That’s enough for devices coming and going and the DHCP protocol doesn’t generate a lot of traffic.

 

If you don’t have a clear idea how many devices will use this interface I would make the lease time shorter anyway. 7 days is unusually long I think.

 

Hope that helps you.

 

Kind Regards,

 

 

Andy.

View solution in original post

11027
0 Kudos
8 REPLIES 8
AlexC-FTNT
Staff
Staff

Created on ‎01-05-2022 11:38 PM

"Couldn't get IP address" in most cases it means that the pool of IPs is exhausted. The clients are probably not releasing the IPs, so this can happen even if you don't see 253 active users at the same time.

You can start by increasing the range of IPs that FortiGate can hand out to clients (starting with a /23), or lower the time these IPs are assigned.

If you want to troubleshoot the DHCP message exchange on the fortigate, you can run a packet capture filtered to ports 67 and 68 and/or a debug:
diag debug app dhcpd -1

diag debug enable


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
11002
0 Kudos
efelledi
New Contributor
In response to AlexC-FTNT

Created on ‎01-06-2022 12:10 AM

Hi AlexC
Thanks, please notice this IP what should i add.

Address range.jpg

Efel Ledi
Efel Ledi
11001
0 Kudos
AlexC-FTNT
Staff
Staff

Created on ‎01-06-2022 12:25 AM

Hi Efel, 

Right now, your Address range in DHCP server has 253 IPs (.2 > .254)

If you change the IP mask to 255.255.254.0 you will double the number of available IPs in the DHCP range: 192.168.2.2 - 192.168.3.254 
Make sure that this network doesn't overlap any other networks you may have on the FortiGate.


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
11000
0 Kudos
efelledi
New Contributor
In response to AlexC-FTNT

Created on ‎01-06-2022 12:30 AM

Dear AlexC

Is the change like this?
Address range Rubah.jpg

Efel Ledi
Efel Ledi
10999
0 Kudos
AlexC-FTNT
Staff
Staff
In response to efelledi

Created on ‎01-06-2022 12:40 AM

The answer is yes, but you should get the confidence to make these changes without asking on a public forum for such basic changes ;) In the worst case, you break something, then you will have to fix it and learn a lesson in the process.


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
10996
0 Kudos
efelledi
New Contributor
In response to efelledi

Created on ‎01-06-2022 12:43 AM

I'm throwing this on the forum because on the ticket the response is slow and on the forum it's faster, that's normal with service

Efel Ledi
Efel Ledi
10991
0 Kudos
andrewbailey
Contributor II
In response to efelledi

Created on ‎01-06-2022 12:57 AM

Hi efelledi,

 

The key question is how many users and devices will access this interface over the course of 1 week?

 

At the moment you have set the “Lease Time” to 604800 seconds (7 days). That means that every device attaching to the interface will have an IP address reserved for the next 7 days.

 

So in your original config (subnet 255.255.255.0) you had 252 IP addresses available to be leased out.

 

If device number 253 tries connect to this interface over the course of a week (eg your phone) no addresses will be available to be leased out.

 

So Alex is right- you can make the subnet bigger if you need to allow for more devices.

 

Or if you only ever have a few guest devices that come and go each day with new devices the next make the lease time shorter to allow the IP addresses to be reused. 

 

I would typically use a 4 hour lease time (14400 seconds). That’s enough for devices coming and going and the DHCP protocol doesn’t generate a lot of traffic.

 

If you don’t have a clear idea how many devices will use this interface I would make the lease time shorter anyway. 7 days is unusually long I think.

 

Hope that helps you.

 

Kind Regards,

 

 

Andy.

11028
0 Kudos
efelledi
New Contributor
In response to andrewbailey

Created on ‎01-06-2022 01:04 AM

Hi Andy,
Thank you, your advice really helped me.

Efel Ledi
Efel Ledi
10988
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.