Hi.
The "new" equipment from our local ISP delivers public IP's only by DHCP. We have a strange problem that keep happening from time to time. All of a sudden the Fortigate stops getting a new DHCP lease and we loose WAN connectivity.
Troubleshooting done by the ISP: Shutting the port which the Fortigate is connected to. Put the CPE in router mode with another subnet and dhcp scope and back to bridge mode again. Nothing helps.
The ISP says they get the dhcp request, sends the offer, but it looks like the Fortigate "closes its ears" and does not get the offer, from their point of view. When rebooting the Fortigate everything comes back up as normal. The strange thing is that when this first happens, it usually happens 2-3 times in a row when the lease expires, then it can work perfectly for months. This has so far happened on remote systems with companies that can not wait for me to get out there and debug on the Fortigate side, so we have just had to have some local people go over there and power cycle the Fortigate to get internet up and running again. So i have no debug info from the Fortigate.
So far this problem has shown itself on 60D, 90D and 300D. Firmware version 5.2.3, 5.2.4 and 5.2.5. I have googled the problem and have not found anyone that has this exact same problem. The release notes of said versions and those before/after does not include any known or resolved issues related to the Fortigate as a DHCP client.
The ISP says they have had a few other customers have this problem as well, and they also had Fortigates. Could this be some kind of bug between Fortigate and the DHCP server software the ISP is running?
This happened to a 90D today running 5.2.4, i will upgrade this one to 5.2.7 and see if that makes any difference. In the meantime, does anyone have any idea what could be causing this? I know debug data from the Fortigate would help a lot but unfortunately i have none at this time.
Hi there -
Just my 2 cents and experience; maybe the could be of use for some others ..
I encountered quite a similar DHCP-problem.
I have a 60C on FortiOS 5.2.1.
Only WAN1 is used.
WAN1 is connected to a Fritzbox 6820 (=a Homerouter; connects to WAN via LTE mobile).
WAN1 gets its address by DHCP from the Fritzbox.
Traffic is low, means: on the 60C there is only an appartment; so: home use.
Approx all 19 days, the FG 60C loses the WAN-connection completely.
It even does not connect any more to the direct attached Fritzbox.
The Fritzbox gets restarted (power cycled) every 48 hours (reason is on the LTE side).
Unfortunately, the FG 60C does not recognize reliable that the WAN1 interface goes down and (after 1 - 2 Minutes) comes up again. But the last entries in the event log are saying "send dhcp packet failed". The timestamp of this entry correlates exactely with the 1 - 2 Minutes in which the Fritzbox is rebooting.
I noticed this behavior since 7 months (7 months ago, the Fritzbox got in place).
Before, the FG60 was connected to a ADSL-cable-modem (lent to me by the carrier), but also there I remarked this strange behavior.
Up to now, I couldn't help me but to restart the FG60 completely.
Having found this thread (by searching for the error text I found in the FG60 event log), I now switch the WAN1-Port to fixed ip. Based on what I found on logs, there really seems to be a problem with the DHCP-renew-mechanism (if on the side of the fortiOS/Fortigate; I can't confirm; but signs are pointing in this direction).
I will watch what happens in 19 days (and post the results, if I don't forget).
Unfortunately, the switch to a fixed ip did not help either.
I had to restart the FG to gain internet access again.
As FG60C is quite old now, I don't investigate further on this problem. Instead, I am installing a switched power outlet with a built-in timer. FG60C will now be powercycled 1 x per week.
I think I am having this same issue on 5.4.7 FG60D.
ISP <--fiber--> ONT <-- ethernet--> FG60E (5.4.7)
Did anyone ever find a good solution?
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
We had the problem and apparently it is on the ISP side giving to few IP leases.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.