Since April of this year after we moved our IT services to another area I faced with the problem - our Fortigate 100F cannot get an IP from ISP's DHCP, it usually happening when my ISP's device suddenly lose power on their side or we have the power failure from our side. It cannot obtain an IP until I plug the cable from the PON to the other router or PC directly, after that router or PC can get an IP and then I re-plug the cable back to Fortigate - it immediately get and IP too. And it's working until we are facing with the next power failure from ISP side again (from our side we decided such problem with the UPS and generator set).
This summer I opened ticket in the support, we communicated a long time, did a lot of tests (debug and packet capture sniffing) but there was no any result. From the ISP - they simply suggested us to use another router, for example Mikrotik which doesn't have such a problem.
Does anybody faced with the same problem? I tried to search in the Internet and found couple of topics with similar problem but they ended with no solution (2016-2017 year).
My Fortigate is up-to-dated to 7.2.3 build 1262. Now the WAN interface stuck on the "Connecting..." phase which will end with "Failed." I tried to re-enable interface, re-plug it physically, but only plugging it to the other router and back to Fortigate can help me now.
I have just opened new ticket, they now suggest me to try any other DHCP with my WAN port, I know what will they say finally, that WAN interface is working with the other server (before it worked without any problem with my local ISP) and then they will close the ticket... But it'll not help me at all. The ISP is also have an argument that the other router is working fine. So I am cornered now. Please help!!!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
"It cannot obtain an IP until I plug the cable from the PON to the other router or PC directly, after that router or PC can get an IP and then I re-plug the cable back to Fortigate -"
-> Have you tried doing this but giving it the same time it takes to plug into something else but plugging it back into the FortiGate? Thinking it might be just that you are taking the connection down then bringing it back up.
->To better understand where DHCP is failing I would do a packet capture during a working DHCP negotiation between the devices so I can see the exact working packet flow. Then take a capture when it is not working and see what device doesn't follow the same flow. The renew option on the interface should work to get the DHCP request going. Other option would be to disable then reenable the interface on the FortiGate and see if that gets you a new IP.
The next time I will try not to plug to the PC, but plug some other interface, for example from the Aruba switch which is the next one to the Fortigate and will let you know.
For the DHCP packet capture, I will try to do it when will have the next fail, but I cannot to physically re-plug, I will re-switch interface state and also will let you know.
Not a verified solution, just a guess - have you tried changing the WAN's MAC address on the FGT ?
Sure, from the very beginning I used port1 as wan interface and MAC from the previous router, I didn't want to make a lot of changes in my configuration because I thought that soon we should return back to main HQ. But with time I decided to use WAN port (it was suggestion of the man from the support who followed my case the first time), so I changed it and return all MAC's to factory default and agreed with ISP to use device MAC for DHCP.
What is the interesting, after it gets an IP after re-plug the cable, it starts to successfully renew it every 5 minutes till the next failure...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1663 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.