Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jdconti
New Contributor II

Created on ‎10-19-2022 01:42 PM

DHCP Failure due to BOOTP Broadcast

Is there any way to set the Fortigate DHCP client on wan1 to use the Unicast BOOTP flag?  I'm using an 80F (7.x firmware) on Optimum Fiber and due to their network configuration, they're ignoring DHCPDISCOVER's with the Broadcast flag set.  This is identical to Re: Fortigates incompatibility with Telenet DOCSIS... - Fortinet Community

Labels:
1560
6 REPLIES 6
Jean-Philippe_P
Moderator
Moderator

Created on ‎10-24-2022 01:56 AM

Hello jdconti,

 

Thanks for posting on the Fortinet Community Forum!

 

I found documents that can help you :

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Diagnosing-DHCP-on-a-FortiGate/ta-p/192960

 

or

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-DHCP-address-leases-on-a-FortiGate-unit/ta...

 

Can you tell me if it solved your problem or if you need more assistance please?

 

Kindest regards,

Jean-Philippe - Fortinet Community Team
1540
jdconti
New Contributor II
In response to Jean-Philippe_P

Created on ‎10-24-2022 06:31 AM

Hey Jean-Philippe,

 

That was useful but only confirms my suspicion regarding the broadcast BOOTP flag.  In many ISP deployments that utilize DHCP relaying they often discard DHCPDISCOVER packets with the broadcast flag set.  Is there any to toggle the BOOTP flag on the wan1 DHCP client to unicast?  If not, there should be... I'm also wondering how the issue was fixed in 6.x firmware for the previously mentioned Telenet issue, could you provide details?  

 

Thanks!

1537
distillednetwork
Contributor III
In response to jdconti

Created on ‎10-24-2022 08:45 AM

looks like the older issue was fixed via code:

https://docs.fortinet.com/document/fortigate/6.0.5/fortios-release-notes/565064/resolved-issues

find bug ID 536817

 

If you run a flow filter debug on wan1 do you see any response at all from the ISP?

 

1533
distillednetwork
Contributor III
In response to distillednetwork

Created on ‎10-24-2022 08:48 AM

on second thought, that bug is when the fortigate is the server.  Maybe a similar issue with you are getting an offer but no ACK?  

1533
jdconti
New Contributor II
In response to distillednetwork

Created on ‎10-26-2022 05:32 AM

I have a packet capture from wan1 (below) and I'm simply getting no response from the next hop / dhcp server.  If I hook up any other device that sends DHCPDISCOVER with the Bootp flag set to unicast instead of broadcast I immediately get a DHCPOFFER from the ISP.  

 

While setting the Bootp flag to Broadcast doesn't necessarily violate the RFC[1] the client shouldn't be setting the broadcast flag unless there are specific DHCP client limitations... most modern DHCP clients set the flag to unicast.  

 

Fortinet, if you're listening, please provide a toggle for the Bootp flag! =)

 

[1] RFC 1542: Clarifications and Extensions for the Bootstrap Protocol (rfc-editor.org)

 

jdconti_0-1666787500915.png

 

1515
Charlez79
New Contributor II

Created on ‎03-17-2023 12:02 PM

Has this been resolved in the meanwhile.

1055
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.