On-Net / Off-Net
-rd 2x 200D Clusters 1x 100D
1x 60D FortiOS 5.2 FortiAP 221C FAZ 200D
Ok so all you need to do is have a scope on your 2008R2 server with the option 224 hex value for when the client is on the LAN. Then you need to create a scope, if you have not already, on the fortigate for the remote VPN users. The option for FortiClient on-net status needs to be checked as you pointed out. There shouldn't be any issues with multiple DHCP sources. We have our 2008R2 DHCP sending out the option for LAN users. We also have our Juniper SA appliances sending out the option for remote users, as the Juniper SA appliances handle DHCP for remote.
Let me know if this helps.
Thanks
terry_jjr wrote: So I configured a predefined option on our 200R2 DHCP server IPv4 as follows: name - forticlient status, data type - String, code - 224, no description. Clicked OK and then added the HEX string, which I got by converting the serial number to HEX here: http://www.asciitohex.com/. I then configured the new DHCP option on the single scope and I am testing now.
I did not need to convert to hex when using 2008 R2 DHCP. I took the Fortigate serial as-is and entered it directly into option 224 (string data type). Using Wireshark, I was able to see option 224 returned as hex in response to DHCP INFORM packets from the clients.
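Added example, not code from any poster in this thread: a small Python parser for the DHCP options field, showing that the "hex" Wireshark displays for option 224 is just the ASCII bytes of the serial entered as a string, and how to tell when a reply does not carry the option at all. The serial, the sample packets and the function names are constructed for illustration.

```python
MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])  # marks the start of the DHCP options field
FIXED_HEADER_LEN = 236                           # BOOTP fixed fields that precede the cookie

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option code: raw value bytes} from a DHCP message (the UDP payload)."""
    if payload[FIXED_HEADER_LEN:FIXED_HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    options, i = {}, FIXED_HEADER_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == 0:            # pad option: single byte, no length
            i += 1
            continue
        if code == 255:          # end option
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        # A repeated option code is concatenated (long-option splitting).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options

def on_net_serial(payload: bytes, option_code: int = 224):
    """Return option 224 decoded as text, or None when the server did not send it."""
    raw = parse_dhcp_options(payload).get(option_code)
    return None if raw is None else raw.decode("ascii", errors="replace")

def build_sample_ack(serial):
    """Constructed DHCPACK for the demo; serial=None models a scope without option 224."""
    header = bytes([2, 1, 6, 0]) + bytes(FIXED_HEADER_LEN - 4)  # op=BOOTREPLY, Ethernet
    opts = bytes([53, 1, 5])                    # option 53: message type = ACK
    opts += bytes([1, 4, 255, 255, 255, 0])     # option 1: subnet mask
    if serial is not None:
        opts += bytes([224, len(serial)]) + serial.encode("ascii")
    return header + MAGIC_COOKIE + opts + bytes([255])

SAMPLE_SERIAL = "FGT00EXAMPLE0001"  # constructed placeholder, not a real serial number

if __name__ == "__main__":
    ack = build_sample_ack(SAMPLE_SERIAL)
    print("bytes as a sniffer shows them:", parse_dhcp_options(ack)[224].hex())
    print("same bytes read as a string:  ", on_net_serial(ack))
    print("scope without the option:     ", on_net_serial(build_sample_ack(None)))
```
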
I just did some Wireshark sniffing on the DHCP client on the internal network and I couldn't see option 224 coming from the DHCP server. I am wondering if my settings are correct. I can see all the other standard options in the Wireshark file. Do my settings look correct on the DHCP server?
The on-net/off-net status option is not available in the VPN configuration. I am only able to specify the range the fortigate will give the clients and nothing more :(
It appears that there is a growing demand for a feature to support 3rd party DHCP based on customer feedback.
The more people that ask for this, the faster it will be delivered.
I see. I have not dealt with the SSLVPN configuration on the fortigate, as we utilize Juniper. Is it causing any issues having the FortiClient think that it is off-net when you are connected over SSLVPN?
We've tried the option 224 in a Windows 2008 environment with Windows 7 clients. This seems to work perfectly. But the Apple users with FortiClient don't show up on-net when they are in the same segment as the other Windows 7 clients.
I am new to Forti-ALL. We have just purchased a 100e Fortigate V5.4. I want to employ FortiClient across our campus but must see it in action working as needed before I can buck the 3rd party support that sold us the Fortigate, as they are pushing something else. My background, 6 years removed, was Novell, but I'm working this MS Server 2008 environment now that provides DHCP from the server. I see 5.4 requires DHCP running on the Fortigate to provide "On-Net / Off-Net" recognition. I NEED to make sure laptops going off campus cannot disable FortiClient. Can the Fortigate DHCP service run parallel to the Microsoft AD-DHCP in a limited fashion just for remote clients?