Fortigates incompatibility with Telenet DOCSIS 3.1 E-ROUTER

duetgroup_tech · ‎05-19-2020

Hello all.

If you are using a Fortigate with the Belgian Cable ISP Telenet, you should know that there is a known incompatibility between Fortigates and the new Telenet DOCSIS 3.1 E-ROUTER. This is the kind of router that they install for all new clients. For now, it is possible to request Telenet to install a DOCSIS 3.0 modem and that solves the issue, but going forward this could become a big problem, especially if they require all their clients to switch to DOCSIS3.1.

The problem seems to be that Fortigates don't support Unicast DHCP.

As far as I can tell the incompatibility is known to Telenet, but I don't know if Fortinet knows or not. I have opened a TAC case to find out.

mjcrevier · ‎05-19-2020

I saw similar issues with Netgear modems used by Comcast in the States. Wonder if they use the same hardware.

emnoc · ‎05-19-2020

Can you explain unicast DHCP? The whole purpose of DHCP is the client has no "address" so how is unicast used here? Outside of a DHCP-relay concept, DHCP is broadcasted

Ken Felix

PCNSE

NSE

StrongSwan

duetgroup_tech · ‎05-20-2020

From what I understand, "Unicast DHCP" is a misnomer.

Unicast refers to the Broadcast flag set in the Bootp flags. The Fortigate sets it to "Broadcast", whereas regular Windows/MacOS clients set it to "Unicast".

emnoc · ‎05-21-2020

Interesting i would have to capture a DHCP datagram, but broadcast and unicast just determines the action of the DHCP-offer as 0.0.0.0 or x.x.x.x in the offer from my understanding.

In the above you would need to look at the offer and witness is being set imho. I would use a dhcp-tool to test the above with the ISP and see what's happening or grab the difference 2 or more different devices for comparison.

Ken Felix

PCNSE

NSE

StrongSwan

waterboy1602 · ‎05-28-2020

Hi,

I'm experiencing exactly the same problem. Did you already found a fix for this or did you just change your modem with a DOCSIS 3.0 one?

I just swapped my DOCSIS 3.0 for a 3.1 one, but didn't do enough research to find this before hand. Can I possible fix this with the 3.1 modem?

avka1453 · ‎10-07-2021

Hi,

Does anyone know if this issue has been resolved with a fortinet update?

thanks

waterboy1602 · ‎10-07-2021

I can tell you that in the mean time this bug has been fixed. I'm using a DOCSIS 3.1 E-ROUTER from Telenet with a Fortigate firewall myself and the bridging functionality works without flaws.

avka1453 · ‎10-07-2021

That's great! Which version are you on?

Kind regards,

waterboy1602 · ‎10-13-2021

Any idea how I can find on which version I am?

Fortigates incompatibility with Telenet DOCSIS 3.1 E-ROUTER

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website