Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DHCP not work
hi there,
need help please.
we use FG 100D. I have set for the interface 1 as a dhcp server (thicked), declare IP range for dhcp. here summary setup:
IP for Interface 1 = 192.168.1.1
secondary ip addres = 192.168.100.1
DHCP range: 192.168.100.2 - 192.168.100.5
then I save. I try to client, but client can' t get auto IP.
need help. thanks.
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello there,
need help here please
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi papapuff,
I' m not sure if what you want to do is possible.
When you configure the address range of the DHCP server it needs to be in the same subnet as the interface, not the secondary IP address.
When I try this out in my lab I can see the FortiGate warning me about this.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I agree with Neonbit -- not sure what papapuff is trying to accomplish with trying to create a dhcp pool on a different subnet to the Interface, unless he is trying to set up
some sort of NAT loopback or NAT hairpinning.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
thanks for reply.
why I don' t see any warning on my FG? and can be saved.
FW version is 5.02
thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' m guessing that the check feature was added on the newer versions.
I' m running 5.2.1 (the latest version), I' m not sure if your 5.02 means 5.2.0 or 5.0.2, if it' s 5.0.2 I would recommend upgrading at least to 5.0.7 (preferably to 5.0.9) since it fixes the heart bleed vulnerability.
Or live life in the fast lane and goto 5.2.1 :)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi, the version is:
FG100D-5.00-build252
thank you.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think DHCP works only to main IP, as you told before. :D
for security reason, which one is better:
option 1.
I use 2 interface, 1 interface for dhcp so guests/public devices can access internet over DHCP without interrupt internal network.
option 2, use 1 interface, with main IP is for DHCP (so public devices will use this IP segment), and secondary IP is for internal network.
thank you
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Since we haven' t got a network diagram and the network requirement it' s a little hard to confirm the best approach, but if it' s possible to put the guest/public users on a different interface I would definitely recommend that. Separate them physically and logically from your internal network whenever possible.
This way you would have a policy from guest > wan, and a policy from trust > wan. It will make it much easier to track usage and control policies.
Also you' re currently running 5.0.5, this is vulnerable to heartbleed. I would recommend you look into upgrading the device to 5.0.7 at a minimum (with 5.0.9 more ideal). You can upgrade the device to 5.0.7 directly, but will require it to be 5.0.7 before going to 5.0.9. The 5.0.9 release notes can be found here: http://docs.fortinet.com/d/fortios-5.0.9-release-notes
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
suddenly dhcp not work. clients can get IP from DHCP.
now I set some ports into LAN (not as interface), and enable dhcp on that interface (LAN).
is the FG auto-update? if I do upgrade, do I need to re-setup again? vpn, policy and so on?
thanks.