Hi Everyone,
Does anyone know how Fortinet behaves when the FW acts as DHCP relay? I am trying to design a scenario where the clients in the branch need to go through a VPN tunnel to get to the DHCP server in our HQ. We have a route advertised from HQ branch via OSPF to the branch about how to get to the server; the branch also advertises the route back to HQ. After that, the closest route match in the branch will be the default route, which will go to the internet (where obviously there is no server available, since our server is within a private range in HQ). Our concern is what happens if a client requests a DHCP address when the tunnel is down for any reason. I understand that clients won't be able to get an address, but specifically what happens when the tunnel re-establishes?
1. Does the FW maintain the connection from when the tunnel was down, so that the clients will be matching the same connection, which points towards the default route, when the tunnel is back up? If yes, then this will be an issue. In this case, is there any feature to tell the FW to monitor the server connectivity and not create a connection if the server is not reachable?
2. If my understanding is correct, is there any workaround?
Any help here is greatly appreciated!
SStevens
DHCP relay on the FortiGate follows the rules of routing. When the tunnel is down, it would attempt to forward out the default route (as you suspected). Once the tunnel is back up, routing over the VPN would resume and any new DHCP requests would be sent across the tunnel.