Hello Fortinet Community,
I am currently working with a FortiGate firewall 61F v7.2.6 setup where I have a VLAN switch interface named bgroup0 with a physical connection to internal3. The IP address assigned to bgroup0 is 192.168.1.1/24, and it is connected to an Aruba switch.
The goal is to have new devices that connect via LAN cable to the Aruba switch send DHCP requests to the bgroup0 interface. However, for security purposes, I would like these devices to receive IP addresses from a different subnet, such as 192.168.2.0/24. I initially tried using a secondary IP, but due to subnet conflicts, this did not work as intended.
I am considering configuring DHCP Relay on the bgroup0 interface to forward these DHCP requests to another DHCP server(internal2 or internal5) that is configured to assign IP addresses in the 192.168.2.0/24 range. However, I am uncertain about the exact configuration steps required to achieve this.
Could anyone provide guidance or confirm if this approach is feasible? Specifically, I would appreciate assistance with the necessary commands to configure DHCP relay on the bgroup0 interface, as well as any potential considerations or best practices to ensure smooth operation.
Thank you very much for your support and assistance!
Hi @hannq ,
There is no special command for DHCP Relay. Actually, as per your screenshots, you already configured the DHCP Relay on bgroup0 pointing to 192.168.9.1 which is the interface internal2.
However, it seems that interface internal2 does not have DHCP configurations with 192.168.2.0/24 subnet.
Another thing is that you need a firewall policy allowing traffic between bgroup0 and internal2.
The concept of DHCP Relay is that it is pointing to another DHCP server which has the IP of the DHCP Relay setting.
This Youtube video might give you the idea how to configure DHCP Relay on FortiGate:
Configure Fortigate Interface Using DHCP Relay With Windows Server
Thank you very much for your help! I watched the video on configuring a DHCP server with Windows Server, and it provided some useful insights.
I’d like to clarify my setup and see if you could offer further guidance. My goal is to set up DHCP relay from one interface (e.g., bgroup0) to another interface (internal2). I’ve already configured a DHCP range on internal2 to assign IP addresses, and I’ve created a firewall policy to allow communication between these interfaces.
However, it’s still not working as expected. internal2 is not assigning IP addresses to devices connecting through bgroup0. Could you help me troubleshoot this issue or suggest any additional settings I might need to check?
Thank you again for your assistance!
Hi @hannq ,
Please capture some pcap using the following CLI command:
diag sniffer packet any 'host 192.168.9.1 and (port 67 or port 68)' 6
Then try to reproduce the issue to get some packet captures.
Please attach the outputs as a TEXT file so I can convert them for further investigation.
And please provide the relevant firewall policies as well.
"Another thing is that you need a firewall policy allowing traffic between bgroup0 and internal2."
What for? DHCP Relaying means the incoming request terminates on the FGT and gets proxied to the destination. This doesn't need any policy.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.