I have a DHCP problem on several of my client's sites (spokes). My client has 44 remote sites, all connected by VPN to the central site (2 VPNs, fiber and LTE links).
For unknown reasons, DHCP requests do not work and users disconnect from the network after the DHCP lease expires. It starts working again when I do this:
diag sys session filter dst 10.x.x.x
diag sys session clear
The problem does not happen on all the sites at the same time, no change has been made to the configuration, and the problem happens randomly.
Can someone help me with this, please?
I have spoke sites experiencing the same issue.
FG-81Es connected back to the hub (VM01, 601E, 501E) via IPsec interface tunnels, OSPF routing. Issue appeared after upgrading to 6.4; not all sites affected. Same workaround: cleared sessions with the destination of the DHCP server on the other end of the tunnel.
Sniffing for UDP 67+68 traffic on the spoke shows that the FG is sending DHCP traffic out the physical interface that the IPsec tunnel is attached to, not within the tunnel. All other traffic from the spoke LAN to the hub LAN (same subnet that the DHCP server resides on) exits the spoke through the tunnel and not the physical interface.
Currently running 6.4.7 on the hubs and 6.4.7/6.4.8 on the spokes.
No, I haven't identified the root cause or opened a ticket with support, but it's on the list of things to do.
The current workaround that I'm using is to clear the stuck session that's sending traffic out the physical interface instead of the tunnel interface. I'm only noticing this issue on spoke sites connected via static VPN tunnels; I have a dial-up VPN tunnel from my home office to hub/HQ (w/ OSPF) and have never had an issue receiving DHCP from the hub.
Copyright 2024 Fortinet, Inc. All Rights Reserved.