Hello,
I'm currently looking to swap my ISP's internet box for my own router/firewall. I have the possibility to get a FortiWifi 60D, and I'm having trouble seeing whether it will work. I have the Cisco configuration, which works, and I wonder if I can do the same on this Fortinet.
Here is the config:
interface GigabitEthernet0/0/1
 description Physical_Interface_to_Bytel
 switchport access vlan 200
 switchport mode trunk
 ! This won't work without it
 mac-address XXXX.XXXX.XXXX
 ! ISP's box MAC address (redacted)
 no ip address
!
interface Vlan200
 ip dhcp client client-id hex XXXXXXXXXXXX
 ip dhcp client class-id byteliad_data
 ! This is the important bit that is mandatory (DHCP option 60, vendor class)
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
That's it. As you can see, the DHCP is the tricky part. My WAN port needs to be a DHCP client and send a request with option 60 (vendor class). The MAC address may not be needed, but if I can set it, it would be great.
I also have a Ubiquiti router configuration that may help you understand the problem a bit more:
set interfaces ethernet eth0 description LAN
set interfaces ethernet eth1 description WAN
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.2 stop 192.168.1.100
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 ntp-server 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1
set service dns forwarding listen-on eth0
set service dns forwarding listen-on eth2
set interfaces ethernet eth1 vif 200
set interfaces ethernet eth1 vif 200 address dhcp
set interfaces ethernet eth1 vif 200 description Internet
set interfaces ethernet eth1 vif 200 dhcp-options client-option "send vendor-class-identifier "byteliad_data";"
set interfaces ethernet eth1 vif 200 dhcp-options default-route update
set interfaces ethernet eth1 vif 200 dhcp-options default-route-distance 210
set interfaces ethernet eth1 vif 200 dhcp-options name-server update
set interfaces bridge br0
set interfaces ethernet eth1 vif 10
set interfaces ethernet eth1 vif 10 bridge-group bridge br0
set interfaces ethernet eth1 vif 10 description administration
set interfaces ethernet eth1 vif 100
set interfaces ethernet eth1 vif 100 bridge-group bridge br0
set interfaces ethernet eth1 vif 100 description TV
set interfaces ethernet eth2 address 192.168.20.1/24
set interfaces ethernet eth2 description Bbox
set interfaces ethernet eth2 vif 10
set interfaces ethernet eth2 vif 10 bridge-group bridge br0
set interfaces ethernet eth2 vif 10 description administration
set interfaces ethernet eth2 vif 100
set interfaces ethernet eth2 vif 100 bridge-group bridge br0
set interfaces ethernet eth2 vif 100 description TV
set service nat rule 5000 type masquerade
set service nat rule 5000 description "Masquerade"
set service nat rule 5000 outbound-interface eth1.200
set system offload ipv4 vlan enable
set interfaces ethernet eth2 vif 200
set interfaces ethernet eth2 vif 200 address 10.10.2.1/24
set interfaces ethernet eth2 vif 200 description Internet-Bbox
set service dhcp-server shared-network-name net-bbox subnet 10.10.2.0/24 start 10.10.2.2 stop 10.10.2.5
set service dhcp-server shared-network-name net-bbox subnet 10.10.2.0/24 dns-server 10.10.2.1
set service dhcp-server shared-network-name net-bbox subnet 10.10.2.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name net-bbox subnet 10.10.2.0/24 default-router 10.10.2.1
So yeah, can I do the same with a Fortinet?
Every bit of help will be greatly appreciated.
My ISP at home also requires a vendor-class-identifier, and it must be in a specific VLAN.
I tried this some months ago; at that time there was no option to send a vendor-class-identifier with the DHCP request on the FortiGate. AFAIK nothing has changed here.
Interestingly, the DHCP server on the FortiGate is able to send custom DHCP parameters, but not when it's acting as a DHCP client.
So I ended up using a simple Linux router which does the DHCP communication, NATing and IGMP proxy for IPTV.
localhost wrote: Thank you. May I ask what you use as a firewall?
Debian netinst on Hyper-V. Takes about 10s to boot. :)
admin@LINUX03:~# cat /etc/dhcp/dhclient.conf | grep class-id -A 4 -B 3
#initial-interval 2;
#script "/etc/dhcp3/dhclient-script";
#media "-link0 -link1 -link2", "link0 link1";
send vendor-class-identifier "100008,0001,,Firewall";
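To make concrete what the Cisco `class-id`, the EdgeOS `send vendor-class-identifier` line and the dhclient.conf `send vendor-class-identifier` line above all do on the wire, here is an added example (not code from either poster, and not anything FortiOS ships) that builds a DHCPDISCOVER carrying option 60 (vendor class identifier) and option 61 (client identifier), parses it back, and applies the check an ISP access server is described as doing: no option 60 with the expected string, no lease. It only uses the standard library and never touches the network. The MAC, client-id and transaction id are made-up placeholders (both posts redact theirs), the small dhclient.conf text is constructed from the line in the reply above, and the "ISP" acceptance rule is an assumption modelled on the posters' description, not a documented Bouygues/ISP behaviour.

```python
import re
import struct
from typing import Dict, Optional

# Constants from RFC 2131 (message format) and RFC 2132 (options).
BOOTREQUEST, HTYPE_ETHER = 1, 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_PARAM_REQ, OPT_VENDOR_CLASS, OPT_CLIENT_ID, OPT_END = 0, 53, 55, 60, 61, 255
DHCPDISCOVER = 1

# Constructed placeholders; the posts redact the real MAC and client-id.
SAMPLE_MAC = bytes.fromhex("001122334455")
SAMPLE_CLIENT_ID = bytes.fromhex("001122334455")  # Cisco "client-id hex" sends these bytes as given
SAMPLE_XID = 0x3903F326

# Constructed dhclient.conf fragment using the 'send' line from the reply above.
SAMPLE_DHCLIENT_CONF = """\
#initial-interval 2;
#script "/etc/dhcp3/dhclient-script";
send vendor-class-identifier "100008,0001,,Firewall";
"""


def build_discover(mac: bytes, client_id: Optional[bytes], vendor_class: Optional[str],
                   xid: int = SAMPLE_XID) -> bytes:
    """Return a DHCPDISCOVER; pass vendor_class=None to mimic a client that omits option 60."""
    if len(mac) != 6:
        raise ValueError("Ethernet MAC must be 6 bytes")
    # Fixed 236-byte BOOTP header: op, htype, hlen, hops, xid, secs, flags,
    # ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128).
    flags = 0x8000  # broadcast flag: we have no IP yet, ask for a broadcast reply
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         BOOTREQUEST, HTYPE_ETHER, 6, 0, xid, 0, flags,
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER])
    if client_id is not None:
        if not 1 <= len(client_id) <= 255:
            raise ValueError("client-id must be 1..255 bytes")
        opts += bytes([OPT_CLIENT_ID, len(client_id)]) + client_id
    if vendor_class is not None:
        vc = vendor_class.encode("ascii")
        if not 1 <= len(vc) <= 255:
            raise ValueError("vendor class must be 1..255 bytes")
        opts += bytes([OPT_VENDOR_CLASS, len(vc)]) + vc  # <-- the 'class-id' / 'send vendor-class-identifier' part
    opts += bytes([OPT_PARAM_REQ, 3, 1, 3, 6])  # request subnet mask, router, DNS servers
    return header + opts + bytes([OPT_END])


def parse_options(packet: bytes) -> Dict[int, bytes]:
    """Decode the TLV option area into {code: value}; stops at END, skips PAD."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet: magic cookie missing")
    i, out = 240, {}
    while i < len(packet):
        code = packet[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        out[code] = value
        i += 2 + length
    return out


def vendor_class_of(packet: bytes) -> Optional[str]:
    value = parse_options(packet).get(OPT_VENDOR_CLASS)
    return None if value is None else value.decode("ascii", "replace")


def isp_would_answer(packet: bytes, required_class: str) -> bool:
    """Assumed access-server rule (modelled on the posts): only a DISCOVER whose
    option 60 equals the expected string gets an OFFER."""
    return vendor_class_of(packet) == required_class


def vendor_class_from_dhclient_conf(conf_text: str) -> Optional[str]:
    """Pull the string ISC dhclient would put in option 60 from a dhclient.conf."""
    m = re.search(r'^\s*send\s+vendor-class-identifier\s+"([^"]*)"\s*;', conf_text, re.M)
    return m.group(1) if m else None


if __name__ == "__main__":
    ok = build_discover(SAMPLE_MAC, SAMPLE_CLIENT_ID, "byteliad_data")
    bare = build_discover(SAMPLE_MAC, SAMPLE_CLIENT_ID, None)  # what a client without option 60 sends
    print("with option 60 :", isp_would_answer(ok, "byteliad_data"))
    print("without it     :", isp_would_answer(bare, "byteliad_data"))
    print("dhclient.conf sends:", vendor_class_from_dhclient_conf(SAMPLE_DHCLIENT_CONF))
```

The second DISCOVER in the `__main__` block is the case the thread is about: a client that cannot be told to add option 60 produces a perfectly valid request that the access server simply never answers, which looks like "DHCP not working" on the WAN port even though the VLAN tag and MAC are right. Capturing the WAN side with tcpdump and checking for option 60 in the outgoing DISCOVER is the quickest way to tell the two failures apart.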
Copyright 2024 Fortinet, Inc. All Rights Reserved.