Hello,
I am trying to configure a network interface on my lab fortigate from the FortiManager console.
[ul]The result, is the port is configured with the IP address settings I specified, however the DHCP server is still disabled with no values. I have tried to go back in and re-submit the DHCP Server settings, and they continue to disappear after the Install Config step. I have tried this on a couple of devices using 5.4.3 and 5.6.4. Is there an obvious step I am missing or is this simply not a supported way to configure a DHCP server?
thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
What is the FMG firmware version? ADOM version? And what does the install log show when you first pushed the interface setting change?
If FMG didn't even attempt to install the DHCP server settings then it would help to see the syntax as displayed in the FMG CLI:
exec fmpolicy print-device-object <ADOM> <device name> <VDOM> "system interface" <interface>
e.g.,
exec fmpolicy print-device-object root Test-FGT root "system interface" internal
keep in mind that on gui dhcp server settings are part of the interface setup but on cli they are on their own!
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Current FMG Firmware is 6.0.2-build0205. Pretty sure I tested this on the previous build (5.4.1-build 1082)as well, but not certain. I have tried this on devices in ADOM version 5.4, 5.6, and 6.0. It looks like there are no DHCP server values getting passed on the config step. ## First Run Log Starting log (Run on device) Start installing FGVM-602 $ config system interface FGVM-602 (interface) $ edit "port2" FGVM-602 (port2) $ set ip 10.50.50.1 255.255.255.0 FGVM-602 (port2) $ set allowaccess https ping ssh snmp http FGVM-602 (port2) $ set role lan FGVM-602 (port2) $ next FGVM-602 (interface) $ end ---> generating verification report (global: system interface "port2":device-identification) remote original: enable to be installed: <--- done generating verification report ------- Start to retry -------- FGVM-602 $ config system interface FGVM-602 (interface) $ edit "port2" FGVM-602 (port2) $ unset device-identification FGVM-602 (port2) $ next FGVM-602 (interface) $ end ---> generating verification report <--- done generating verification report install finished ## Output from FMG CLI Command exec fmpolicy print-device-object TEST-60 FGVM-602 root "system interf ace" port2 Dump object [port2] of category [system interface] in device [FGVM-602] vdom[root]: --------------- config system interface edit "port2" set vdom "root" set ip 10.50.50.1 255.255.255.0 set allowaccess https ping ssh snmp http set type physical set role lan set snmp-index 2 next end
Happy to test further. Thank you for assisting here.
Thanks, sw2090, for pointing out that in the CLI, the DHCP settings are stored separately from interface settings. So sjWelter, good too look at CLI output for DHCP settings also: exec fmpolicy print-device-object TEST-60 FGVM-602 root "system dhcp server" all note: one of those dhcp servers should reference port2 Also, would be good to see what FGT CLI has for dhcp server as well. And I'm curious whether a Retrieve followed by an Install causes FMG to push the change.
# FMG Command RMC-FMG # exec fmpolicy print-device-object TEST-60 FGVM-602 root "system dhcp server" all Dump all objects for category [system dhcp server] in device [FGVM-602] vdom[root]: --------------- # Fortigate CLI FGVM-564 (server) # show config system dhcp server end
No DHCP servers are in either config. I went back to the Device manager, and edited the port to add a DHCP Server (see image-01) hit ok, received a success note. Then I immediately went back into the port and the DHCP Server settings were gone again. So its not sticking long enough to even push it seems.
Are you using system templates? If so, the DHCP widget would overwrite what is in device DB.
Hello sjWelter,
Yes that is the right place to look.
[ul]
Let's check the compatibility chart https://docs.fortinet.com/uploaded/files/2902/fortimanager-compatibility.pdf
[ul]
Let us know about the results.
Cheers
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.