Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
foshejh
New Contributor

On-Net / Off-Net on STATIC IP's

To All,

  Does anyone have any ideas for how to allow Clients with Static IP's to show as On-Net when on the internal network?  In our specific case, our servers are all set with a static IP address.  FortiClient running on the Servers (2012R2) only show as off-net.  Therefore, components like Web Filtering are managed at the client and not by the FortiGate.  It would be best if they could show as On-net.

 

  We are using the DHCP Scope Option 224, as suggested in the following thread, with great success, for all other clients.  Thanks in advance for your help and suggestions!

 

https://forum.fortinet.com/tm.aspx?m=112938&high=on-net+off-net

 

 

Thanks,

 

-foshejh

3 REPLIES 3
Sartuche24
New Contributor

I have the same question as well. We are wanting to implement the FortiClient piece on our Servers but want to ensure they show as on-net versus off-net so web-filtering is disabled while they are on the network. The DHCP 224 works great for the workstations but not for devices that are statically assigned.

kolawale_FTNT

FortiOS 5.4 and FortiClient 5.4 both allow users to specify the IP subnet address for use in determining on-net/off-net status. If the endpoint's IP address is in the defined subnet, it will be considered on-net. This may be combined with the use of the DHCP option.

 

This is included in 5.4.0 Beta 1 on both FortiClient and FortiOS. You may want to try Beta 2 to see if it addresses this for you.

foshejh
New Contributor

Kolawale,

  Thank you very much for your reply!  It is great to know that FortiNet is working through the Beta testing of FortiClient 5.4.  Recently, we upgraded FortiOS and FortiClient from 5.2.3 to 5.2.4.  Is was not a great experience for us, as we encountered a lot of new problems.  Therefore, a few days later, we downgraded back to 5.2.3.  I would love to try the Beta version, but we are not in a situation where we can slow down production at the office with Beta testing.  Therefore, it looks like we will need to wait for a later release, after more testing has been completed.

 

  Again, I appreciate your reply and look forward to future releases of FortiClient.  I hope that some resources are studying the Application Firewall as well in release 5.4.  I would not mind trying the beta version of FortiClient only, if it is compatible with FortiOS 5.2.3 to test these two items.  I would love to be helpful if I could.

 

 

Sartuche,

  Please take note of the issues that we experiences with FortiClient on our Servers.  https://forum.fortinet.com/tm.aspx?m=126238.  Our particular setup may be different, but it seems that there are not a lot of businesses using FortiClient on Servers?  Once we disabled the Application Firewall, everything seems to be running much faster and smoother now.

 

 

Thanks,

 

-foshejh

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors