Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hans_pixel
New Contributor

Created on ‎03-16-2025 11:51 AM

Two Spectrum modem-only devices can connect to anything and everything except FG.

Firmware
v7.6.2 build3462 (Feature)
ModeNAT

 

I have a FG with the Evaluation License running in a Proxmox VM. There are three interfaces configured: Port3 is the LAN and works fine, Port2 is set to WAN and is connected to Starlink and works fine. Port3 is set to WAN and is connected to Spectrum and no matter what I try, it will not get an IP via DHCP.

 

I can move the modem cable to any other device I have in the building: A tp-link WIFI router, an MSI laptop, a Dell laptop, and they all connect and get an IP without issue. I've tried swapping proxmox interface and VLANs with Starlink, swapping cables with Starlink on the FortiSwitch, I've tried swapping physical ports with Starlink on the FortiSwitch, I've tried swapping the interface with Starlink in the FG, and just now I brought a whole new modem to the game. Nothing has changed. Starlink always comes up and Spectrum fails to connect DHCP.

 

Oh, and I've tried both circuits in and out of SDWAN.

Below is the interface...it is 100% the same as the working Starlink interface except the name. Any thoughts?

 

Screenshot 2025-03-16 142759.png

 

 

 

 

 

None
None
Labels:
63
0 Kudos
1 REPLY 1
Christian_89
Contributor III

Created on ‎03-16-2025 12:23 PM

Below are some possible reasons why a FortiGate running in Proxmox might fail to get a DHCP lease from a Spectrum modem, along with troubleshooting steps you can try. Many of these focus on how cable modems often lock to the first device MAC they see and on ensuring that the Proxmox network bridge and FortiGate configuration are correct.

Step 1 Power cycle the modem and confirm MAC lock behavior
1 Cable modems often lock to the first MAC address they detect
2 Turn off the modem and leave it off for a few minutes
3 Power the modem back on with the FortiGate WAN interface already connected to it
4 After the modem finishes booting, check if the FortiGate obtains an IP

Step 2 Clone the MAC address from a known working device
1 If you have a laptop that obtains an IP successfully from the modem, note the laptop MAC address
2 On the FortiGate, open the CLI and run the commands
config system interface
edit port or the interface name connected to the modem
set macaddress xx xx xx xx xx xx
next
end
3 Replace xx xx xx xx xx xx with the working device MAC address
4 Disable and re enable the interface or reboot the FortiGate and check if it obtains an IP

Step 3 Verify the FortiGate interface configuration
1 Go to Network then Interfaces in the FortiGate GUI
2 Ensure the interface connected to the Spectrum modem is set to Addressing mode DHCP
3 Under Administrative Access, you only need ping or similar for basic troubleshooting
4 Make sure no VLAN is configured on this interface unless Spectrum specifically requires it

Step 4 Confirm the Proxmox bridge setup
1 In Proxmox, check that the network interface for the FortiGate VM is using the correct physical NIC connected to the Spectrum modem
2 Verify there is no VLAN tag or other advanced setting applied unless needed
3 Confirm that the Proxmox bridge is set to pass traffic unfiltered to the VM so the FortiGate can send DHCP Discover frames and receive Offers directly

Step 5 Run a DHCP packet capture on the FortiGate
1 SSH to the FortiGate CLI
2 Enter the following commands to watch DHCP packets on the WAN interface for example, port3
diagnose sniffer packet port3 port 67 or port 68 4
3 Open a second SSH session or console and disable then enable the interface connected to the modem
4 Look for DHCP Discover and DHCP Offer traffic in the output
5 If you see Discover messages but no Offer in response, the modem is not replying

Step 6 Check for interface speed or duplex mismatches
1 Some cable modems can be sensitive to negotiated link settings
2 In the FortiGate GUI or CLI, ensure the interface speed and duplex are set to auto negotiate
3 In Proxmox, ensure the bridge does not force specific speed settings

Step 7 Confirm no SD WAN or policy conflicts
1 If using SD WAN, temporarily remove the Spectrum interface from SD WAN
2 Create a simple WAN interface in normal mode for Spectrum to rule out any SD WAN configuration causing issues
3 Ensure no special policy is blocking DHCP on that interface though typically DHCP requests from the firewall do not need policy rules

Step 8 Swap cables and test with a direct connection
1 Use the same physical cable and port that successfully connects a laptop to the modem
2 Plug that cable directly into the interface on the FortiGate
3 Power cycle the modem again and test

Step 9 Check Spectrum provisioning
1 In rare cases, Spectrum might expect only one device behind the modem
2 If the modem was provisioned for another device, you may need to contact Spectrum support to refresh or reprovision the modem

Step 10 Consider setting a static IP temporarily for a test
1 If your service has a known public IP range or a static assignment option, manually set it on the FortiGate interface for troubleshooting
2 This is less common with residential DHCP, but can help confirm link level and bridging are correct

Summary
1 Power cycle the modem to clear any MAC lock
2 Clone a known working MAC address onto the FortiGate
3 Verify FortiGate interface and Proxmox bridging configuration
4 Run a sniffer on the FortiGate to see if DHCP traffic is coming back
5 Check cable, physical connections, and link negotiation
6 If still no IP, contact Spectrum to refresh or reprovision your modem

Trying the power cycle and MAC clone steps typically resolves the majority of FortiGate plus cable modem DHCP issues, especially if everything else in your configuration is correct

55
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.