FortiGate SSL VPN with External DHCP Server
Hi,
I am planning to move my FortiGate SSL VPN to an external DHCP Server and have the following plan using a loopback interface following the FortiGate document link below.
I am unsure if my plan will work and if I have the correct firewall policies etc. Does it look good?
Hello Julian,
It looks like a correct configuration. As you have mentioned ra-giaddr as the loopback IP address, you will also get an IP according to that scope. Also check connectivity between the loopback address and the DHCP server, for example with a ping from the loopback to the DHCP server IP address.
Thank you
Hi,
Thank you for reaching out. The diagram is more focused on how you are building your local and SSL VPN network. It does not show any concerns related to how you are going to connect to the remote DHCP server. Also, the article that provides the guiding steps should be straightforward. You can test and let us know if you run into an issue or a specific error, so we can give you more direct advice.
Thank you,
saleha
Thank you. I was not sure about the firewall rules and VIPs; the DHCP part is simple and handled by the DHCP GIADDR option.
Hello @julianhaines
I want to highlight one thing:
"Starting in v7.2.4, support was added to the SSL VPN for the DHCP GIADDR option. This option allows administrators to specify which DHCP scope should be used when allocating addresses to their SSL VPN users, whereas previously SSL VPN users could only receive IP addresses in the same subnet as the FortiGate's local DHCP server-facing interface (i.e. 10.10.12.0/24 on the FortiGate's port2 in the example topology)."
Make sure the FortiOS version is above 7.2.4 if you are planning to use this feature.
Other than that, everything looks good.
Regards,
Varun
Thank you, I am running version 7.x and using the DHCP GIADDR option.