Hello,

I am working on a project where I am deploying 90G firewalls across branches. It's a manual configuration for initial connectivity like LAN, WAN, Policies, and IPsec, while the rest is managed in FortiManager afterwards.

To eliminate repetitive work in the GUI, I use Python for the initial configuration. I configure two LAN networks with DHCP as "VLAN switches." However, once I complete the configuration, I can get an IP address from the second VLAN (CCTV) switch I created, but I am unable to get an IP from the first DHCP server (LAN) configured (config sys dhcp server > edit 2).

Every time, I need to log in to the GUI, disable the DHCP, and configure it again to make it work.

I have tried several methods in the CLI, such as disabling and enabling, reconfiguring, restarting, etc., but I end up with the port malfunctioning, where it does not come up. As soon as it detects a cable, it switches off.

Do you have any idea how I can reset or enable the DHCP service in the initial configuration itself?

#Virtual_Switch_for_LAN
channel.send('config system virtual-switch\n')
channel.send('\n')
channel.send('edit "'+FWNAME+'-LAN"\n')
channel.send('\n')
channel.send('set physical-switch sw0\n')
channel.send('\n')
channel.send('config port\n')
channel.send('edit "port2"\n')
channel.send('\n')
channel.send('next\n')
channel.send('end\n')
channel.send('next\n')
channel.send('\n')

#Interface_for_LAN
channel.send('config system interface\n')
channel.send('\n')
channel.send('edit "'+FWNAME+'-LAN"\n')
channel.send('\n')
channel.send('set vdom root\n')
channel.send('\n')
channel.send('set ip '+LANIP+'.1 255.255.255.0\n')
channel.send('set allowaccess ping https fgfm\n')
channel.send('set type hard-switch\n')
channel.send('set alias "'+FWNAME+'-LAN"\n')
channel.send('\n')
channel.send('next\n')
channel.send('end\n')
channel.send('\n')

#DHCP_for_LAN
channel.send('config system dhcp server\n')
channel.send('edit 2\n')
channel.send('set lease-time 86400\n')
channel.send('set default-gateway '+LANIP+'.1\n')
channel.send('set netmask 255.255.255.0\n')
channel.send('set interface "'+FWNAME+'-LAN"\n')
channel.send('config ip-range\n')
channel.send('edit 1\n')
channel.send('set start-ip '+LANIP+'.100\n')
channel.send('set end-ip '+LANIP+'.150\n')
channel.send('next\n')
channel.send('end\n')
time.sleep(1)
channel.send('\n')
channel.send('set dns-service specify\n')
channel.send('set dns-server1 x.x.x.x\n')
channel.send('set dns-server2 x.x.x.x\n')
channel.send('config options\n')
channel.send('edit 1\n')
channel.send('set code 43\n')
channel.send('set value "x.x.x.x"\n')
channel.send('next\n')
channel.send('end\n')
time.sleep(1)
channel.send('\n')
channel.send('Set status enable\n')
channel.send('next\n')
channel.send('end\n')
channel.send('\n')

#Virtual_Switch_for_CCTV
channel.send('config system virtual-switch\n')
channel.send('edit "'+FWNAME+'-CCTV"\n')
channel.send('set physical-switch sw0\n')
channel.send('config port\n')
channel.send('\n')
channel.send('edit "port6"\n')
channel.send('\n')
channel.send('end\n')
channel.send('next\n')
channel.send('end\n')
channel.send('next\n')
channel.send('\n')

#Interface_for_CCTV
channel.send('config system interface\n')
channel.send('edit "'+FWNAME+'-CCTV"\n')
channel.send('set vdom root\n')
channel.send('set ip '+CCTVIP+'.1 255.255.255.0\n')
channel.send('set allowaccess ping\n')
channel.send('set type hard-switch\n')
channel.send('set alias "'+FWNAME+'-CCTV"\n')
channel.send('next\n')
channel.send('end\n')

#DHCP_for_CCTV
channel.send('config system dhcp server\n')
channel.send('edit 3\n')
channel.send('set lease-time 86400\n')
channel.send('set default-gateway '+CCTVIP+'.1\n')
channel.send('set netmask 255.255.255.0\n')
channel.send('set interface "'+FWNAME+'-CCTV"\n')
channel.send('config ip-range\n')
channel.send('edit 1\n')
channel.send('set start-ip '+CCTVIP+'.101\n')
channel.send('set end-ip '+CCTVIP+'.140\n')
channel.send('next\n')
channel.send('end\n')
channel.send('set dns-service specify\n')
channel.send('set dns-server1 x.x.x.x\n')
channel.send('set dns-server2 x.x.x.x\n')
channel.send('next\n')
channel.send('end\n')
channel.send('\n')

Commands 

#Virtual_Switch_for_LAN
config system virtual-switch
edit "'+FWNAME+'-LAN"
set physical-switch sw0
config port
edit "port2"
next
end
next

#Interface_for_LAN
config system interface
edit "'+FWNAME+'-LAN"
set vdom root
set ip '+LANIP+'.1 255.255.255.0
set allowaccess ping https fgfm
set type hard-switch
set alias "'+FWNAME+'-LAN"
next
end

#DHCP_for_LAN

config system dhcp server
edit 2
set lease-time 86400
set default-gateway '+LANIP+'.1
set netmask 255.255.255.0
set interface "'+FWNAME+'-LAN"
config ip-range
edit 1
set start-ip '+LANIP+'.100
set end-ip '+LANIP+'.150
next
end
set dns-service specify
set dns-server1 x.x.x.x
set dns-server2 x.x.x.x
config options
edit 1
set code 43
set value "x.x.x.x"
next
end
Set status enable #I tried this command as well
next
end

#Virtual_Switch_for_CCTV

config system virtual-switch
edit "'+FWNAME+'-CCTV"
set physical-switch sw0
config port
edit "port6"
end
next
end
next

#Interface_for_CCTV
config system interface
edit "'+FWNAME+'-CCTV"
set vdom root
set ip '+CCTVIP+'.1 255.255.255.0
set allowaccess ping
set type hard-switch
set alias "'+FWNAME+'-CCTV"
next
end

#DHCP_for_CCTV
config system dhcp server
edit 3
set lease-time 86400
set default-gateway '+CCTVIP+'.1
set netmask 255.255.255.0
set interface "'+FWNAME+'-CCTV"
config ip-range
edit 1
set start-ip '+CCTVIP+'.101
set end-ip '+CCTVIP+'.140
next
end
set dns-service specify
set dns-server1 x.x.x.x
set dns-server2 x.x.x.x
next
end