Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
_panda_
New Contributor II

Created on ‎10-03-2025 06:32 AM

DHCP Server Address Range not allowing variables on FortiManager

Hi,

 

FortiManager Cloud - v7.4.7 build6767

 

I am trying to configure DHCP on one of our FortiSwitch VLANs. The VLAN uses a variable. The basic VLAN itself is fine and has been applied to a switch template and pushed to our FortiGates.

 

variable = branch_number

VLAN IP Address =  10.${branch_number}.20.1/255.255.255.0

 

When trying to enable the DHCP server on the VLAN, I am unable to even close the Edit VLAN Definition page on the GUI. It comes up with the error dhcp-server/ip-range: Invalid IP Range.

 

Screenshot 2025-10-03 131731.png

 

If I remove the variable, it does accept the config and let me click the OK button. 

Its the same if I set the Netmask to 'Same as Interface Netmask'

 

Thanks in advance!

Labels:
289
0 Kudos
1 Solution
_panda_
New Contributor II

Created on ‎10-08-2025 02:48 AM

Hi,

 

Just a quick update. Fortinet support have confirmed this is a bug in 7.4.7 ( Issue # 1156793) and will be fixed in 7.4.8. I'm unable to update to 7.4.8 because as of writing its unavailable to install on FortiManager Cloud. Support will be updating our instance later in the week (10th Oct 25).

 

They gave me a workaround - Set a valid IP Range without using metavariables first, then replace with metavariables, but I was unable to get it to work when I tried this. For now I'm just going to wait for the upgrade.

View solution in original post

187
5 REPLIES 5
Stephen_G
Moderator
Moderator

Created on ‎10-05-2025 06:12 PM

Hi _panda_,

 

Good question. Sorry you haven't received an answer - we'll try to get you a response. In the meantime, if anybody else has any ideas, feel free to reply!

Stephen - Fortinet Community Team
254
_panda_
New Contributor II

Created on ‎10-07-2025 05:19 AM

Hi,

 

Some further troubleshooting I've done. I've attempted to get round this by using a CLI Provisioning Template. I have tried a number of different CLI scripts but they all fail with the same error on the same line - the set end-ip line

 

Error Message - 

Copy device global objects

Post vdom failed:
error ip-range end-ip- 1 $vlan_CORP_WIRED_dhcp_end:-999 - invalid value - [line 8] > next [attribute "end-ip" check error - runtime error -999: invalid ip - prop[end-ip]: ip4class($vlan_CORP_WIRED_dhcp_end) invalid ip address]


Copy objects for vdom root

 

Screenshot 2025-10-07 124833.png

 

Some variations of the script, one using my original variable, one using a fully defined pair of IP's 

 

config system dhcp server
edit 20
set interface "vlan_CORP_Wired"
config ip-range
edit 1
set start-ip "10.${branch_number}.20.200"
set end-ip "10.${branch_number}.20.254"
next
end
set netmask 255.255.255.0
set lease-time 86400
next
end

 

 

config system dhcp server
edit 20
set interface "vlan_CORP_WIRED"
config ip-range
edit 1
set start-ip "$vlan_CORP_WIRED_dhcp_start"
set end-ip "$vlan_CORP_WIRED_dhcp_end"
next
end
set netmask 255.255.255.0
set lease-time 86400
next

 

I have had this exact config working before on another FortiManger Cloud. See screenshot below, so I'm not sure what is different. The FortiManager Cloud below is on v7.4.6. The one I am having this issue with is v7.4.7. I tested by creating a new VLAN (vlan_PRINTERS). I was able to complete the setup without any issues, so it looks to be something up with 7.4.7.

 

7.4.7 is still the current recommended version. The next versions available from the Cloud dahboard are 7.6.3 & 7.6.4 (GA.F). If I downgrade to 7.4.6, this will involve a factory reset, plus doesn't answer the question as to whether this issue will crop up again when we inevitably have to upgrade. There is a 7.4.8 available to download from the Fortinet, but this is not showing as available on the Cloud dashboard....

 

-----

Both screen shots from Lab FortiManager running 7.4.6. VLAN 50 created today without issues...

Screenshot 2025-10-07 123837.png

 

Screenshot 2025-10-07 131540.png

216
0 Kudos
ebilcari
Staff
Staff

Created on ‎10-07-2025 05:29 AM

Have you checked if the metadata variable is mapped correctly as shown here?

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
214
_panda_
New Contributor II

Created on ‎10-07-2025 05:43 AM

Hi ebilcari,

 

I have mapped them under Policy & Objects > Advanced. This mapping does work for the IP address of the VLAN.

 

Screenshot 2025-10-07 134131.png

209
0 Kudos
_panda_
New Contributor II

Created on ‎10-08-2025 02:48 AM

Hi,

 

Just a quick update. Fortinet support have confirmed this is a bug in 7.4.7 ( Issue # 1156793) and will be fixed in 7.4.8. I'm unable to update to 7.4.8 because as of writing its unavailable to install on FortiManager Cloud. Support will be updating our instance later in the week (10th Oct 25).

 

They gave me a workaround - Set a valid IP Range without using metavariables first, then replace with metavariables, but I was unable to get it to work when I tried this. For now I'm just going to wait for the upgrade.

188
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.