Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Coldfirex
New Contributor

DHCP Option 66 issue

Howdy, We are noticing an issue where a FGT80C is handling DHCP and we are handing out Option 66 and 67. Option 67 is handed out correctly, but the wrong IP address is handed out on option 66. No matter what Ip we use (converted to hex) the client always picks up the IP address of the FGT. Has anyone else seen this? We are running 4.2.9 currently. Thanks!
10 REPLIES 10
FortiRack_Eric
New Contributor III

Hi, We have been and are using option 66 and 49 for phones. and that works fine. the address in option 66 must be in hex like: AC1C0010 Cheers, Eric

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Coldfirex
New Contributor

Thanks Eric. Ya, we are using the hex alright. Which firmware revision are you using it on?
FortiRack_Eric
New Contributor III

4.2.10 and 4.3.5, but we have been using it since 3.6.x Cheers, Eric

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Coldfirex
New Contributor

Suck. Just upgraded to 4.2.10 and the pxe clients are still getting the LAN IP of the FGT. Support told me to upgrade to MR3 :(
Matthijs
New Contributor II

Did they explain why you should upgrade? And did they guarantee you that it will work in 4.3? There is really no other reason to upgrade and there are a lot of reasons not to upgrade ;)
FortiRack_Eric
New Contributor III

4.3.5 isn' t that bad, only for those who are trying to overstretch small boxes...

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Matthijs
New Contributor II

The problem is that FortiNet allows these functions to be used on small boxes. There is no way to use flow-based profiles on the FortiGate60C but you can turn them on in the profiles. This causes memory to ho sky high. Indeed if you tune it well, 4.3.5 is working ok.
Coldfirex
New Contributor

Support was able to figure out a workaround for us. They had us create an internal VIP and fw policy that basically forwards the TFTP requests the Fortigate receives at our TFTP server. Strange that it was needed, but it worked!
AmorFati7734
New Contributor

Coldfirex, Not meaning to hi-jack your thread but I' m having almost a similar issue and was wondering if you could provide more detail. I' m trying to setup a *nix based imaging solution and options 66 & 67 are to be set in the DHCP server. As far as I can tell in the documentation you need to convert all values from ascii to hex but nothing gets accepted from the GUI or the CLI. What did you end up inputting for 67? I' m supposed to set option 67 to " pxelinux.0" converted to hex > 7078656c696e75782e301f but that doesn' t work. Also, just leaving out option 67 and inputting option 66 (192.168.1.171 to hex > C0A801AB) doesn' t work either. Any more information you can provide would be helpful and appreciated although I do have a support ticket open. Just seeing if I can' t receive quicker information through the community. -Amor
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors