Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.


Is it possible to use DHCP relay to pass SSLVPN IP requests to a true DHCP server instead of just using an SSLVPN Address Pool?


I see in the ssl.root interface, through CLI, the ability to enable DHCP relay, but not sure if this will work or not.


Scenario I've been asked for by a client is DHCP Options for a VOIP phone.  They use SSLVPN in tunnel mode for remote connection to their offices.  My first thought was, how would the phones be using SSLVPN?   It turns out they plug the phone in to their PC (which is connected via tunnel) and the phone expects to get a config file via configured DHCP options.  It's a strange setup, for sure - and I've reached back to my client contact to see if there's any other automated way they could put the config details on the phone.


Thanks for any thoughts on this.

Contributor II

Did you ever get this to work?

I'm in the same situation and I want remote users to get their DHCP address from an External DHCP-server and not the buildt in Scoop.



Found it!


config system interface edit ssl.root set dhcp-relay-service [enable|disable] set dhcp-relay-ip next end

New Contributor



Nilsan and works the DHCP-Relay configuration for the SSL.Root ?

New Contributor




If we check the SLL VPN Guide , page 17:  We have IP addresses for users and DHCP relay of IP address.  If we check DHCP relay of IP address we can see that DHCP relay in SSL VPN is not for the users but for FortiGate.  The FortiGate can get an IP address via DHCP server for SSL VPN services.  If we check ssl vpn setting you do not have any configuration about DHCP.  If you want use DHCP relay, I can recommend you IPSec, please refer IPsec VPN Guide:  [link][/link]


Kind regards   

Chavdar Tanev  Fortinet EMEA TAC Engineer Level 1  Fortinet NSE 4 Certified

Contributor III

Maybe a dead end if you read this post: