Why Fortigate devices has this limitation? In many cases I'd like to have static configuration on some hosts and also have address reservation for them (in that case outside the dhcp range) just for documentation purpose.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Could you elaborate on what you mean?
What prevents you from manually creating a reservation using the host's MAC address?
Regards, Chris McMullan Fortinet Ottawa
In one of my networks I have about 100 users, 10-15 printers and a few servers. Printers are statically addressed in IP range: 10.0.0.20-10.0.0.49. I don't have all IP's perfectly aligned in that range, so to maintain this range on Fortigate is extremely hard. I had to add numerous exclusions or add many ranges which is limited. Very awkward design, I don't understand why DHCP server cannot reserve any address that is possible on interface. It's common in other vendor devices.
In
I think you need to explore the cli but the DHCP resevation method is actually good and much better now in 5.2x since all is under the dhcp server.
config system dhcp server edit 88 set dns-service default set default-gateway 10.199.199.1 set netmask 255.255.255.0 set interface "transparent0" config ip-range edit 1 set start-ip 10.199.199.10 set end-ip 10.199.199.20 next end config reserved-address edit 1 set ip 10.199.199.11 set mac ba:e8:53:11:22:10 set description "virthstmacosx3" next end next end
Your default action is reseved with block and assigned as an options. See if this is helpful for you.
PCNSE
NSE
StrongSwan
I know this post is quit old now but I'm facing the same problem : reservations are mixed with dynamic IP attribution and it's really annoying.
On all systems I used (Windows DHCP, Netgear, Linksys, ...) we can reserve an IP outside of the DHCP range which is a good thing.
For example, I reserve addresses in range 10.1.1.20 to 10.1.1.30 for printers and laptops received dynamic IP from range 10.1.1.100 to 10.1.1.199.
I miss that capability, too. Many products allow ip address reservation outside DHCP ranges. Even open source solutions such as OPNsense and VyOS can do that.
Why is this (still) not possible with Fortinet devices?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.