DHCP conflict detection?

jamestiberius · ‎10-27-2014

does Fortinet provide DHCP conflict detection as Windows does on its DHCP servers?

had an issue today where someone at one time had given a PC an static IP address, and it was in the range of addresses given out via DHCP, and another device was given that address, causing an IP address conflict.

Windows DHCP conflict detection will ping before it gives out the IP address, can fortinet DHCP be set to do that?

Dave_Hall · ‎10-27-2014

The Fortigate does have a DHCP IP leased monitor, which will show removed conflicted IP addresses (towards the bottom of the list) -- though not sure when the detection takes place. But it sounds like the IP address was already leased out when that computer with the static IP came online.

If you need to locate the rouge computer, the Fortigate does have a "get system arp" command that you can use. On the CLI perform a "exec ping <IP address>" then a "get system arp | grep <IP address>" to get the mac address.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

emnoc · ‎10-27-2014

Yes, fortigates have a dhcp conflict monitor available. Under 5.2.1, you can adjust the timeout under any DHCP server entry

set conflicted-ip-timeout X

Ken

PCNSE

NSE

StrongSwan