Hi, I am new to Fortinet firewall, please help me to resolve the issue below. I have a firewall with two interfaces, lan (10.68.30.1/21), dmz (10.68.50.1/24). all work fine, and the device can get DHCP IP from both two interfaces. when I change the subnet configure of lan subnet (10.68.30.1/18) and dmz (10.68.150/24), the lan interface work fine, but the devices cant get valid IP from dmz and it will be fine if I change the device with static IP (10.68.150.5/24).
Hi,
Thank you for your question. Please verify couple of things after you change IP of DMZ interface:
- Verify if subnet also changed on DHCP server or not. If not, change accordingly.
- Check if there is old lease, if it is, clear it. Then release/renew IP on client.
- If you have still the problem, enable dhcps debug:
diag debug app dhcps -1
diag debug enable
Then again bounce the port or renew IP address and check the debug if there are any visible errors. To disable debug:
diag debug reset
diag debug disable
Note.
The 'DHCP server' option cannot be enabled/used on DMZ interfaces.
For the interfaces with DMZ role, DHCP server and Security mode are not available (by design).
If a DHCP server is required on that physical interface, change its role from DMZ to LAN, WAN, or Undefined.
Technical Tip: How to configure FortiGate as DHCP ... - Fortinet Community
Hi Jay,
Kindly check the below kb articles for your reference:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Devices-are-unable-to-get-an-IP-address-fr....
Verify few things:
++Check the configuration on both network >>interface>>Lan or DMZ.
++Same verify on the DHCP server confgure, both Subnet will be same.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.