Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
julianhaines
New Contributor III

External DHCP for SSL VPN users

I have a FortiGate FGT200F device running firmware 7.* and want to swap from using the internal allocation of VPN IPs via Address List to an internal Windows DHCP server.

 

What I am having issues understanding is if I set up the DHCP helper/relay on the FortiGate and point to my current DHCP server how does the DHCP server know which IP to allocate? The DHCP server currently issues IPs for internal devices but if I need it to issue IPs for VPN clients then it will need to issue a different IP.

 

This may be a Windows question but thought someone may have done this before and have some guidance.

 

Julian

 

 

 

 

1 REPLY 1
ozkanaltas
Valued Contributor III

Hello @julianhaines ,

 

The DHCP server probably understands this from the DHCP option code and you need to specify the IP address that the FortiGate sends the DHCP request to for ssl-vpn.

 

As mentioned in the Fortinet article, the IP address you send the request to should be within the DHCP scope. In this way, the DHCP server will know in which range it gives IP addresses.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPN-with-external-DHCP-Server/ta-p/215...

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors