Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Budderrick
New Contributor

Created on ‎09-03-2020 08:56 AM

DHCP Server and "Relay" coexistence

Hi Community,

 

Is it possible to have the Fortigate 100F act as DHCP Server and "Relay" in the same VLAN?

I want Clients to get there IP from the Fortigate but everything else forwarded like an additional IP-Helper.

This is mostly for OS Deployment. I know you can configure DHCP Options but this will limited the capability of deployments to specific architectures and devices.

11049
0 Kudos
10 REPLIES 10
emnoc
Esteemed Contributor III

Created on ‎09-03-2020 10:38 AM

So how would the fortigate know who and what to relay?

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
7763
0 Kudos
Budderrick
New Contributor
In response to emnoc

Created on ‎09-04-2020 12:20 AM

It doesn't have to. It answers and forwards "everything" to the additional helper.

First come first serve for the client. Fortigate shouldn't bother what the clients receives or how it is handling it.

7763
0 Kudos
ShawnZA
Contributor II
In response to Budderrick

Created on ‎09-04-2020 05:14 AM

Re-design your network so that you have a separate VLAN for OS deployments only.

7763
0 Kudos
Budderrick
New Contributor
In response to ShawnZA

Created on ‎09-04-2020 05:25 AM

rwpatterson wrote:

 

This makes no sense to me. Any requests on the VLAN would get IP addresses in the VLAN. What's to forward?

E.g.: Boot Options. IP-Helpers serve more than just DHCP.

 

ShawnZA wrote:

Re-design your network so that you have a separate VLAN for OS deployments only.

Will not change the request/question. OSD already is a separate VLAN..

7763
0 Kudos
rwpatterson
Valued Contributor III
In response to Budderrick

Created on ‎09-04-2020 05:46 AM

Other IP helpers are handled by the IP helpers. Boot options would come along with the IP assignment, no? PPTP, TFTP, FTP, etc are handled in the System>Session-helper section.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
7763
0 Kudos
Budderrick
New Contributor
In response to rwpatterson

Created on ‎09-04-2020 06:58 AM

rwpatterson wrote:

Other IP helpers are handled by the IP helpers. Boot options would come along with the IP assignment, no? PPTP, TFTP, FTP, etc are handled in the System>Session-helper section.

Okay. Let me provide some additional information. OSD is done via SCCM. The additional IP Helper would be the PXE Server.

 

1. Client boots using PXE.

2. Client broadcasts for DHCP Server and PXE server.

3. Fortinet (DHCP Server) offers DHCP service.

4. SCCM (PXE Server) offers PXE service.

5. Client asks Fortinet (DHCP) for IP. -> Client gets IP assignment.

6. Client asks SCCM (PXE) for boot instructions (e.g. NBP File).

7. Client downloads NBP and runs it.

 

DHCP Server could be any system. I could remove Fortinet as DHCP Server and use two or more ip helpers instead but I'd like to limit the count of systems.

7763
0 Kudos
rwpatterson
Valued Contributor III
In response to Budderrick

Created on ‎09-04-2020 07:15 AM

OK. Thank you for the clarification. Sorry I can't be of more useful assistance. Good luck.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
7763
0 Kudos
rwpatterson
Valued Contributor III

Created on ‎09-04-2020 04:42 AM

Budderrick wrote:

Hi Community,

 

Is it possible to have the Fortigate 100F act as DHCP Server and "Relay" in the same VLAN?

I want Clients to get there IP from the Fortigate but everything else forwarded like an additional IP-Helper.

This is mostly for OS Deployment. I know you can configure DHCP Options but this will limited the capability of deployments to specific architectures and devices.

This makes no sense to me. Any requests on the VLAN would get IP addresses in the VLAN. What's to forward?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
7763
0 Kudos
ad
New Contributor

Created on ‎09-05-2020 06:10 PM

I know its not what you're asking, but what's the reason for not having the remote DHCP server supply the IPs so you can run a conventional relay config?

7763
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.