Created on 10-28-2022 08:43 AM Edited on 10-28-2022 08:45 AM
I've inherited a fortigate 60E in a business location. The owners say every few months people can't connect to the wifi network. The business gets dozens of people a day who connect to the Wifi. So my suspicion is the Fortigate is hitting some limit of 255 192.168.1.X ip addresses? In the past I would tell them to reboot the Internet modem going into the fortigate. That would clear things up. But now looking to get to the bottom of this and solve it :)
Here's what I see in the settings below. Ignore the "Guest Wifi VLAN" as nobody uses that as it does not work. Folks connect to the regular Wifi network and get a 192.168.1.x address.
Solved! Go to Solution.
Sure, try one day for now and see how it goes. If you still have issues you can reduce it to 6 hours and so on...
Most likely a DHCP lease time issue. Set the DHCP lease time to something really short like 30 minutes. Especially if this wi-fi network services visitors who come and go. That way DHCP leases won't be stuck and filling up the table preventing new leases for new visitors.
If it's a concurrent connection issue (i.e. you have >255 users at once on the network) you need to increase the subnet size.
Thanks. Whereabouts in the web GUI for the fortigate 60e can I edit the DHCP lease settings? At most we will have 50 concurrent users so I guess no need to increase the subnet size. However we have staff who connect to the Wifi everyday. Will changing the lease to 30 minutes potentially adversely affect them?
Depends on which version of FOS you are on. Later versions you can access Lease Time setting in GUI. But you will for sure be able to do it via CLI: https://docs.fortinet.com/document/fortigate/6.4.10/administration-guide/783526/dhcp-servers-and-rel... (look at section for configuring lease time).
Shortening the lease time should not adversely affect clients. If 30 minutes improves things you can slowly increase to 1 hour, 2 hours etc to see what works best.
Thanks, I am using this version of the GUI. I am very nervous about making any changes via command line as I don't want to risk breaking anything.. Would prefer if I can post screenshots of what I want to do before actually doing them :)
I beleive for this version you must do it in the CLI. You cannot break anything using CLI as long as you only input the appropriate command..
You may check your GUI under interface settings under the DHCP Server section if you see Lease Time option:
Created on 11-02-2022 06:58 AM Edited on 11-02-2022 06:58 AM
I don't think I see any options for DHCP lease in our GUI. However, I am not sure I am looking at the right place. In the guide you linked to it says, "On low-end FortiGate units, a DHCP server is configured on the internal interface". So if I "Edit" the internal interface I get the options below.
If I have to do via command line what would I have to enter for the values:
Again, I am very nervous one wrong entry is going to break the whole system...
config system dhcp server edit <server_entry_number> set interface <interface> set netmask <netmask> set lease-time <seconds> next end
That's the GUI setting for the interface to receive an IP using DHCP (ie. as a client). If you scroll down you should see the options for "DCHP server".
For CLI, if you paste the output of " show system dhcp server" I will tell you exactly what you need to put in.
Ah ok, think I found it after scrolling down! Seems it is set to 1 week. I will change it to 1 day ( 86400 ) unless you think otherwise . I know you mentioned 30 minutes, but seems 1 day should work, no?
Sure, try one day for now and see how it goes. If you still have issues you can reduce it to 6 hours and so on...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.