Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nils
Contributor II

SSLVPN using external DHCP server

Hi,

I'm trying to get my external DHCP to assign IP-addresses to my SSLVPN clients. According to the SSLVPN documentation you should configure DHCP-relay on the ssl.root interface via CLI. To this pont there are no problems.

 

In the SSLVPN settings you should specify a Address Range for the SSLVPN and you cannot specify anything else than "Automatically assign addresses" or "Specify custom IP ranges". In the portal settings, I also need to specify "Source IP Pools".

 

What should I specify there?

I don't want the Fortigate to assign the addresses...

Any ideas?

10 REPLIES 10
stelac
New Contributor

See http://docs.fortinet.com/d/fortigate-ssl-vpn-3  page 17.

 

We're in the progress of implementing it. I just do not know it "Source IP Polls" will continue to work for the portals.

 

Let me know....

Nils
Contributor II

stelac wrote:

See http://docs.fortinet.com/d/fortigate-ssl-vpn-3  page 17.

 

We're in the progress of implementing it. I just do not know it "Source IP Polls" will continue to work for the portals.

 

Let me know....

Hi,

I've seen the documentation.

The problem is that you cannot remove the "Source IP Pools" in the portal, which means that the Fortigate will still act as DHCP server for the VPN users.

I'm running version 5.2.6

stelac
New Contributor

This is more confusing than a thought!!!!

     config system interface

           edit ssl.root

[LEFT]           set dhcp-relay-service [enable|disable][/LEFT]

           set dhcp-relay-ip

        next

     end

 

To relay the request to the DHCP server, the relay has to indicate what is the subnet. Does it use the "Source IP Pools" ?????

 

I opened a ticket with the support... I will update you.

emnoc
Esteemed Contributor III

fwiw: The dhcp relay agent should include the dhcp agent id which is how your dhcp-server allocated dhcp reservations.

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
stelac
New Contributor

Could you please send us the CLI commands... Thanks

stelac
New Contributor

The helpdesk agent, Erik Piquette, just replied to my ticket 1644038 saying that "DHCP relay" is not working for SSL VPN. The documentation is bad and has to be adjusted.

Labi
New Contributor

Does anyone know if there is any solution regarding this issue or still not?

koelschman
New Contributor II

Hello,

i´ve the same issue. Is there a known possibility to use dhcp in combination with ssl vpn to provide dhcp options?

 

Regards

Labi

Hi Stelac, did you get any reply from support or still not?

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors