Device cant get valid DHCP IP from DMZ interface

Jay1234 · ‎04-27-2022

Hi, I am new to Fortinet firewall, please help me to resolve the issue below. I have a firewall with two interfaces, lan (10.68.30.1/21), dmz (10.68.50.1/24). all work fine, and the device can get DHCP IP from both two interfaces. when I change the subnet configure of lan subnet (10.68.30.1/18) and dmz (10.68.150/24), the lan interface work fine, but the devices cant get valid IP from dmz and it will be fine if I change the device with static IP (10.68.150.5/24).

akristof · ‎04-27-2022

Hi,

Thank you for your question. Please verify couple of things after you change IP of DMZ interface:

- Verify if subnet also changed on DHCP server or not. If not, change accordingly.

- Check if there is old lease, if it is, clear it. Then release/renew IP on client.

- If you have still the problem, enable dhcps debug:

diag debug app dhcps -1

diag debug enable

Then again bounce the port or renew IP address and check the debug if there are any visible errors. To disable debug:

diag debug reset

diag debug disable

Adrian

MikeCanada · ‎11-07-2023

Note.
The 'DHCP server' option cannot be enabled/used on DMZ interfaces.
For the interfaces with DMZ role, DHCP server and Security mode are not available (by design).
If a DHCP server is required on that physical interface, change its role from DMZ to LAN, WAN, or Undefined.

Technical Tip: How to configure FortiGate as DHCP ... - Fortinet Community

kmohan · ‎11-07-2023

Hi Jay,

Kindly check the below kb articles for your reference:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Devices-are-unable-to-get-an-IP-address-fr....

Verify few things:

++Check the configuration on both network >>interface>>Lan or DMZ.
++Same verify on the DHCP server confgure, both Subnet will be same.

Karthick

Device cant get valid DHCP IP from DMZ interface

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website