Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Budderrick
New Contributor

DHCP Server and "Relay" coexistence

Hi Community,

 

Is it possible to have the Fortigate 100F act as DHCP Server and "Relay" in the same VLAN?

I want Clients to get there IP from the Fortigate but everything else forwarded like an additional IP-Helper.

This is mostly for OS Deployment. I know you can configure DHCP Options but this will limited the capability of deployments to specific architectures and devices.

10 REPLIES 10
emnoc
Esteemed Contributor III

So how would the fortigate know who and what to relay?

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

Budderrick

It doesn't have to. It answers and forwards "everything" to the additional helper.

First come first serve for the client. Fortigate shouldn't bother what the clients receives or how it is handling it.

ShawnZA

Re-design your network so that you have a separate VLAN for OS deployments only.

Budderrick

rwpatterson wrote:

 

This makes no sense to me. Any requests on the VLAN would get IP addresses in the VLAN. What's to forward?

E.g.: Boot Options. IP-Helpers serve more than just DHCP.

 

ShawnZA wrote:

Re-design your network so that you have a separate VLAN for OS deployments only.

Will not change the request/question. OSD already is a separate VLAN..

rwpatterson
Valued Contributor III

Other IP helpers are handled by the IP helpers. Boot options would come along with the IP assignment, no? PPTP, TFTP, FTP, etc are handled in the System>Session-helper section.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Budderrick

rwpatterson wrote:

Other IP helpers are handled by the IP helpers. Boot options would come along with the IP assignment, no? PPTP, TFTP, FTP, etc are handled in the System>Session-helper section.

Okay. Let me provide some additional information. OSD is done via SCCM. The additional IP Helper would be the PXE Server.

 

1. Client boots using PXE.

2. Client broadcasts for DHCP Server and PXE server.

3. Fortinet (DHCP Server) offers DHCP service.

4. SCCM (PXE Server) offers PXE service.

5. Client asks Fortinet (DHCP) for IP. -> Client gets IP assignment.

6. Client asks SCCM (PXE) for boot instructions (e.g. NBP File).

7. Client downloads NBP and runs it.

 

DHCP Server could be any system. I could remove Fortinet as DHCP Server and use two or more ip helpers instead but I'd like to limit the count of systems.

rwpatterson
Valued Contributor III

OK. Thank you for the clarification. Sorry I can't be of more useful assistance. Good luck.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

rwpatterson
Valued Contributor III

Budderrick wrote:

Hi Community,

 

Is it possible to have the Fortigate 100F act as DHCP Server and "Relay" in the same VLAN?

I want Clients to get there IP from the Fortigate but everything else forwarded like an additional IP-Helper.

This is mostly for OS Deployment. I know you can configure DHCP Options but this will limited the capability of deployments to specific architectures and devices.

This makes no sense to me. Any requests on the VLAN would get IP addresses in the VLAN. What's to forward?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

ad
New Contributor

I know its not what you're asking, but what's the reason for not having the remote DHCP server supply the IPs so you can run a conventional relay config?