Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
_panda_
New Contributor II

DHCP Server Address Range not allowing variables on FortiManager

Hi,

 

FortiManager Cloud - v7.4.7 build6767

 

I am trying to configure DHCP on one of our FortiSwitch VLANs. The VLAN uses a variable. The basic VLAN itself is fine and has been applied to a switch template and pushed to our FortiGates.

 

variable = branch_number

VLAN IP Address =  10.${branch_number}.20.1/255.255.255.0

 

When trying to enable the DHCP server on the VLAN, I am unable to even close the Edit VLAN Definition page on the GUI. It comes up with the error dhcp-server/ip-range: Invalid IP Range.

 

Screenshot 2025-10-03 131731.png

 

If I remove the variable, it does accept the config and let me click the OK button. 

Its the same if I set the Netmask to 'Same as Interface Netmask'

 

Thanks in advance!

5 REPLIES 5
Stephen_G
Moderator
Moderator

Hi _panda_,

 

Good question. Sorry you haven't received an answer - we'll try to get you a response. In the meantime, if anybody else has any ideas, feel free to reply!

Stephen - Fortinet Community Team
_panda_
New Contributor II

Hi,

 

Some further troubleshooting I've done. I've attempted to get round this by using a CLI Provisioning Template. I have tried a number of different CLI scripts but they all fail with the same error on the same line - the set end-ip line

 

Error Message - 

Copy device global objects

Post vdom failed:
error ip-range end-ip- 1 $vlan_CORP_WIRED_dhcp_end:-999 - invalid value - [line 8] > next [attribute "end-ip" check error - runtime error -999: invalid ip - prop[end-ip]: ip4class($vlan_CORP_WIRED_dhcp_end) invalid ip address]


Copy objects for vdom root

 

Screenshot 2025-10-07 124833.png

 

Some variations of the script, one using my original variable, one using a fully defined pair of IP's 

 

config system dhcp server
edit 20
set interface "vlan_CORP_Wired"
config ip-range
edit 1
set start-ip "10.${branch_number}.20.200"
set end-ip "10.${branch_number}.20.254"
next
end
set netmask 255.255.255.0
set lease-time 86400
next
end

 

 

config system dhcp server
edit 20
set interface "vlan_CORP_WIRED"
config ip-range
edit 1
set start-ip "$vlan_CORP_WIRED_dhcp_start"
set end-ip "$vlan_CORP_WIRED_dhcp_end"
next
end
set netmask 255.255.255.0
set lease-time 86400
next

 

I have had this exact config working before on another FortiManger Cloud. See screenshot below, so I'm not sure what is different. The FortiManager Cloud below is on v7.4.6. The one I am having this issue with is v7.4.7. I tested by creating a new VLAN (vlan_PRINTERS). I was able to complete the setup without any issues, so it looks to be something up with 7.4.7.

 

7.4.7 is still the current recommended version. The next versions available from the Cloud dahboard are 7.6.3 & 7.6.4 (GA.F). If I downgrade to 7.4.6, this will involve a factory reset, plus doesn't answer the question as to whether this issue will crop up again when we inevitably have to upgrade. There is a 7.4.8 available to download from the Fortinet, but this is not showing as available on the Cloud dashboard....

 

-----

Both screen shots from Lab FortiManager running 7.4.6. VLAN 50 created today without issues...

Screenshot 2025-10-07 123837.png

 

Screenshot 2025-10-07 131540.png

ebilcari
Staff
Staff

Have you checked if the metadata variable is mapped correctly as shown here?

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
_panda_
New Contributor II

Hi ebilcari,

 

I have mapped them under Policy & Objects > Advanced. This mapping does work for the IP address of the VLAN.

 

Screenshot 2025-10-07 134131.png

_panda_
New Contributor II

Hi,

 

Just a quick update. Fortinet support have confirmed this is a bug in 7.4.7 ( Issue # 1156793) and will be fixed in 7.4.8. I'm unable to update to 7.4.8 because as of writing its unavailable to install on FortiManager Cloud. Support will be updating our instance later in the week (10th Oct 25).

 

They gave me a workaround - Set a valid IP Range without using metavariables first, then replace with metavariables, but I was unable to get it to work when I tried this. For now I'm just going to wait for the upgrade.

Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors