I'm sorry if my English is difficult to read.
We use Fortigate 50E to provide Wi-Fi services to our customers.
The DHCP range is 172.16.0.2 - 172.16.1.254.
More than 500 DHCP addresses will be assigned.
Last weekend, some devices were unable to connect to the Internet even though they had IP addresses assigned.
DHCP addresses were not exhausted.
this is
- Have you exceeded the number of sessions?
- Has the number of NAT tables been exceeded?
First of all, can this 50E handle more than 500 PCs?
Is it better to think that there was something beyond the product specifications?
Is there a way to find out the cause?
Hi,
If IP addresses are assigned by DHCP and if the devices are able to ping the gateway, make sure that the NAT solution you are using is enough for your users. If using only the WAN interface IP to NAT then maybe it's not enough; try extending the WAN pool addresses by adding more WAN IPs. Hope this solves your issue.
Ramada
Hello @boomana
Please check the below attached datasheet
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_FortiWiFi_50E_Series.pdf
The FortiGate 50E is capable of handling 1.8 million concurrent sessions, which should be sufficient for more than 500 PCs. However, you need to ensure that the firewall and NAT policies are correctly configured to manage these sessions effectively.
Let us know if you have any queries.
Thanks,
Pavan
Hi @boomana,
It sounds like your DHCP lease time is too long.
The default DHCP lease time is 7 days (or 604800 seconds). That means each IP is leased to a device for a full 7 days and can’t be reused by another device.
Try reducing your lease time to something like 7200 seconds (2 hours). That’s generally enough and DHCP doesn’t add much overhead for the clients. Even 4 or 8 hours should work fine.
Hope that helps.
Andy.
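The lease-time effect described in the reply above, as an added example that is not part of the original thread: it counts the addresses in the range from the question and replays a constructed stream of guest devices against that pool with a 604800-second and a 7200-second lease. The arrival pattern (60 new devices per hour, 10 hours a day, 3 days) and the assumption that devices walk away without releasing or renewing their lease are illustrative, not measurements from the poster's network.

```python
import heapq
from ipaddress import IPv4Address


def pool_size(first, last):
    """Number of addresses in an inclusive DHCP range."""
    return int(IPv4Address(last)) - int(IPv4Address(first)) + 1


def constructed_arrivals(days=3, hours=10, per_hour=60):
    """Constructed workload: each entry is the arrival time (seconds) of a
    device never seen before, starting at 09:00 each day."""
    return [d * 86400 + (9 + h) * 3600
            for d in range(days)
            for h in range(hours)
            for _ in range(per_hour)]


def simulate(pool, lease_seconds, arrival_times):
    """Replay arrivals against a pool. Assumption: a device holds its address
    until the lease expires (no DHCPRELEASE, no renewal).
    Returns (peak leases held, requests refused because the pool was full)."""
    active = []          # min-heap of lease expiry times
    peak = refused = 0
    for t in sorted(arrival_times):
        # Expired leases return to the pool before the new request is served.
        while active and active[0] <= t:
            heapq.heappop(active)
        if len(active) >= pool:
            refused += 1
            continue
        heapq.heappush(active, t + lease_seconds)
        peak = max(peak, len(active))
    return peak, refused


if __name__ == "__main__":
    size = pool_size("172.16.0.2", "172.16.1.254")
    arrivals = constructed_arrivals()
    for lease in (604800, 7200):
        peak, refused = simulate(size, lease, arrivals)
        print(f"pool={size} lease={lease}s peak={peak} refused={refused}")
```

On a real unit, compare the number of active leases in the DHCP monitor with the pool size at the time of the failure to see whether this is what happened.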
I think it's still fine. It also depends on your AP broadcasting device. Currently my office has more than 400 devices, maybe more, and I am still using a 90D running SD-WAN with 2 ISP lines. Still good though.