All,
Recently purchased a Fortigate 30E to replace my old linux iptables
and linksys ap.
30E firmware: v6.0.4 build0231 (GA)
UBNT Firmware: 4.0.21.9965
When I enabled DHCP for lan on 30e, the wired side is fine.
The Access point is a UBNT UAP-AC-Pro-Gen2. None of the
AP clients are able to retrieve a IP from the 30E.
When I disable the DHCP on the 30E and enable it on the linksys,
the clients work as expected through the UBNT AP and the wired side.
I do show on the 30E clients are assigned IP addresses, however
they are not shown on the actual device via network information.
My Wifi Devices:
- Laptop in win10 pro
- Nexus 5X
- Samsung Galaxy Tab A
I did run a few traces, from the 30E, it receives the Discover and offers an
IP, however nothing is returned.
On the AP, the request is not seen from the 30E, however when I add the linksys
back into the network, I do see the request from the linksys via the AP.
Please Advise,
Joe
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Here's an update.
Below is the output from a capture from the UNIFI AP.
The packet is traversing the network correctly and out the AP.
However, the client is not accepting the IP offered via the fortinet
over Wifi, it is accepting the IP via the linksys.
For fortinet,
What is "option 224" and how can I disable this on the fortinet.?
###
T224 Option 224, length 17: 70.71.84.51.48.69.53.54.49.56.48.55.51.50.49.55.0
###
-------- FROM 30E FOR PC - NO WORK 15:45:12.703699 IP (tos 0x10, ttl 16, id 0, offset 0, flags [none], proto UDP (17), length 343) 10.1.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 315, xid 0xa8293d48, secs 768, Flags [Broadcast] Your-IP 10.1.1.50 Client-Ethernet-Address XX:XX:XX:XX:09:88 Vendor-rfc1048 Extensions Magic Cookie 0x63825363 Subnet-Mask Option 1, length 4: 255.255.255.0 Time-Zone Option 2, length 4: -28800 Default-Gateway Option 3, length 4: 10.1.1.1 Domain-Name-Server Option 6, length 8: 10.1.1.10,1.1.1.1 Lease-Time Option 51, length 4: 604800 DHCP-Message Option 53, length 1: Offer Server-ID Option 54, length 4: 10.1.1.1 RN Option 58, length 4: 302400 RB Option 59, length 4: 529200 T224 Option 224, length 17: 70.71.84.51.48.69.53.54.49.56.48.55.51.50.49.55.0 -------- EO FROM 30E FOR PC - NO WORK --------------------- PC WORKS - LINKSYS 15:58:18.305300 IP (tos 0x0, ttl 64, id 41953, offset 0, flags [none], proto UDP (17), length 349) 10.1.1.240.67 > 10.1.1.104.68: BOOTP/DHCP, Reply, length 321, xid 0xe149f657, Flags [none] Your-IP 10.1.1.104 Server-IP 10.1.1.240 Client-Ethernet-Address XX:XX:XX:XX:09:88 Vendor-rfc1048 Extensions Magic Cookie 0x63825363 Subnet-Mask Option 1, length 4: 255.255.255.0 Default-Gateway Option 3, length 4: 10.1.1.1 Domain-Name-Server Option 6, length 4: 8.8.4.4 BR Option 28, length 4: 10.1.1.255 Domain-Name Option 15, length 3: "lan" Lease-Time Option 51, length 4: 43200 DHCP-Message Option 53, length 1: ACK Server-ID Option 54, length 4: 10.1.1.240 RN Option 58, length 4: 21600 RB Option 59, length 4: 37800 FQDN Option 81, length 22: [SO] 255/255 "DESKTOP-XXXXX.lan" --------------------- EO PC WORKS - LINKSYS
Hi Joe, we are having the same issue 100E and same Unifi APs as you are using. Did you ever get a solution to this issue?
Either of you find a fix for this issue? We have numerous sites experiencing the same.
We ran into a similar issue, between a FGT 30E and Ubiquiti AP directly patched, the AP was getting an IP from DHCP but the client's were not. It turned out to be the Access point wasn't allowing broadcast from the ForiGate, once the AP allowed broadcast this fixed our issue.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.