beltskyy
New Contributor III

Fortigate WAN interface cannot obtain an IP from ISP's DHCP server, other routers are ok

Since April of this year, after we moved our IT services to another area, I have faced a problem: our FortiGate 100F cannot get an IP from the ISP's DHCP. It usually happens when my ISP's device suddenly loses power on their side or we have a power failure on our side. It cannot obtain an IP until I plug the cable from the PON into another router or a PC directly; after that the router or PC can get an IP, and when I then re-plug the cable back into the FortiGate, it immediately gets an IP too. And it works until we face the next power failure on the ISP side again (on our side we solved this problem with a UPS and generator set).
This summer I opened a ticket with support; we communicated for a long time and did a lot of tests (debug and packet capture sniffing), but there was no result. As for the ISP, they simply suggested we use another router, for example a MikroTik, which doesn't have such a problem.
Has anybody faced the same problem? I tried searching the Internet and found a couple of topics with a similar problem, but they ended with no solution (2016-2017).
My FortiGate is up to date at 7.2.3 build 1262. Now the WAN interface is stuck in the "Connecting..." phase, which will end with "Failed." I tried re-enabling the interface and re-plugging it physically, but only plugging it into the other router and back into the FortiGate helps me now.
I have just opened a new ticket; they now suggest I try some other DHCP server with my WAN port. I know what they will finally say: that the WAN interface works with the other server (before, it worked without any problem with my local ISP), and then they will close the ticket... But it will not help me at all. The ISP also has an argument that the other router works fine. So I am cornered now. Please help!!!

PC
New Contributor III

"It cannot obtain an IP until I plug the cable from the PON to the other router or PC directly, after that router or PC can get an IP and then I re-plug the cable back to Fortigate -"
-> Have you tried doing this but giving it the same time it takes to plug into something else but plugging it back into the FortiGate? Thinking it might be just that you are taking the connection down then bringing it back up.
-> To better understand where DHCP is failing I would do a packet capture during a working DHCP negotiation between the devices so I can see the exact working packet flow. Then take a capture when it is not working and see what device doesn't follow the same flow. The renew option on the interface should work to get the DHCP request going. Other option would be to disable then reenable the interface on the FortiGate and see if that gets you a new IP.
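
The capture comparison suggested in this reply, as an added example that is not part of the original thread: it parses DHCP messages and reports where the DISCOVER/OFFER/REQUEST/ACK flow stopped for one client. It assumes the UDP port 67/68 payloads have already been extracted from the capture; the function names, the MAC address and the sample messages are constructed for illustration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
STALLS = {"DISCOVER": "DISCOVER unanswered: no OFFER from server",
          "OFFER": "OFFER seen but client sent no REQUEST",
          "REQUEST": "REQUEST unanswered: no ACK or NAK",
          "NAK": "server refused the REQUEST (NAK)",
          "ACK": "lease completed"}

def parse_dhcp(payload):
    """Return (client MAC, xid, message type name) for one UDP 67/68 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    xid = struct.unpack("!I", payload[4:8])[0]
    mac = payload[28:28 + min(payload[2], 16)].hex(":")  # chaddr, hlen bytes
    i, mtype = 240, None
    while i < len(payload) and payload[i] != 255:        # 255 = end option
        if payload[i] == 0:                              # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):  # message type
            mtype = TYPES.get(payload[i + 2], f"type-{payload[i + 2]}")
        i += 2 + length
    return mac, xid, mtype

def stall_point(payloads, mac):
    """Name the step at which the exchange for this client MAC stopped."""
    seen = [t for m, _, t in map(parse_dhcp, payloads) if m == mac]
    if not seen:
        return "no DHCP traffic from client"
    return STALLS.get(seen[-1], f"unexpected last message: {seen[-1]}")

def sample(mtype, mac="02:00:00:00:00:01", xid=0x1234):
    """Constructed message for the demo; a real capture supplies the payloads."""
    op = 1 if mtype in (1, 3) else 2                     # 1 = request, 2 = reply
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0) + bytes(16)
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    return hdr + chaddr + bytes(192) + MAGIC + bytes([53, 1, mtype, 255])

if __name__ == "__main__":
    working = [sample(1), sample(2), sample(3), sample(5)]
    failing = [sample(1), sample(1), sample(1)]          # retries, never answered
    for name, cap in (("working", working), ("failing", failing)):
        print(name, "->", stall_point(cap, "02:00:00:00:00:01"))
```
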

beltskyy
New Contributor III

Next time I will try plugging not into the PC but into some other interface, for example on the Aruba switch, which is the next one after the FortiGate, and will let you know.

For the DHCP packet capture, I will try to do it when we have the next failure, but I cannot physically re-plug; I will toggle the interface state and will also let you know.

Yurisk
Valued Contributor

Not a verified solution, just a guess - have you tried changing the WAN's MAC address on the FGT?

https://community.fortinet.com/t5/FortiGate/How-to-set-or-change-the-MAC-addresses-associated-with-a...

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
beltskyy
New Contributor III

Sure, from the very beginning I used port1 as the WAN interface and the MAC from the previous router; I didn't want to make a lot of changes in my configuration because I thought we would soon return to the main HQ. But with time I decided to use the WAN port (it was the suggestion of the man from support who followed my case the first time), so I changed it, returned all MACs to factory default, and agreed with the ISP to use the device MAC for DHCP.

beltskyy
New Contributor III

2022-12-08_16-41-23.png

What is interesting: after it gets an IP following the cable re-plug, it starts to successfully renew it every 5 minutes until the next failure...
