Hi I need a quick solution:
My users can get DHCP IPs from FortiGate Physical Interface DHCP Servers shown below (both from 172.16.55.1 and 192.168.56.1). However my users did not get IP from VLANs DHCP Server shown here (from 172.16.52.253 and 192.168.135.1).
Users are connected via Juniper EX4100 Switches.
Firewall policy is allowed.
The same problem happens on the internal VLAN switch and its VLAN too.
Does anyone have a solution, please?
Hi @smalatif
Usually that means the clients are not on the same broadcast domain as your firewall interface. That means the issue is probably somewhere at the L2 level, like a misconfiguration in the trunk interface, a wrong VLAN ID, a wrong VLAN config, etc.
The Juniper switch configuration is just very straightforward:
```
show interfaces ge-0/2/3
unit 0 {
    family ethernet-switching {
        interface-mode trunk;
        vlan {
            members [ 52 all ];
        }
    }
}
```
That's the config for the port that is connected to the FortiGate, right? Can you also show the config of the port you have connected your client to?
When a new interface type VLAN is created in FGT tied to a physical interface it means that the VLAN interface (Event and Test in your example) will receive the traffic that is tagged with that VLAN header only. The interface itself (that is currently working in your setup) will receive only untagged traffic. Make sure that the VLAN ID is allowed as tagged on the switchport that connects with FGT and configured as access on the port where the end host is connected.
Hi @smalatif,
FortiGate will lease out DHCP IPs according to the VLAN ID of DHCP requests. Please check on EX4100 Switches and make sure the ports are configured with correct VLAN IDs. You can also run DHCP debug and you will see which interface the request is coming from: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Diagnosing-DHCP-on-a-FortiGate/ta-p/192960
Regards,
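
The tagging behaviour described in the replies above, as an added example that is not part of the original thread: it reads the 802.1Q tag of a DHCP client request and reports which interface's DHCP server would see it. The interface names `port1` and `vlan52`, the mapping of VLAN ID 52 to an interface, and the sample frames are assumptions constructed for illustration.

```python
import struct

ETH_8021Q = 0x8100
ETH_IPV4 = 0x0800

def classify_dhcp_frame(frame: bytes):
    """Return (vlan_id or None, is_dhcp_client_request) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, vlan_id = 14, None
    if ethertype == ETH_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
        offset = 18
    if ethertype != ETH_IPV4 or len(frame) < offset + 20:
        return vlan_id, False
    ihl = (frame[offset] & 0x0F) * 4       # IPv4 header length in bytes
    proto = frame[offset + 9]
    if proto != 17 or len(frame) < offset + ihl + 8:
        return vlan_id, False
    sport, dport = struct.unpack_from("!HH", frame, offset + ihl)
    return vlan_id, (sport, dport) == (68, 67)  # client -> server ports

def receiving_interface(frame, physical, vlan_interfaces):
    """Name the interface that would receive this DHCP request, or None."""
    vlan_id, is_dhcp = classify_dhcp_frame(frame)
    if not is_dhcp:
        return None
    if vlan_id is None:
        return physical                    # untagged: physical interface only
    return vlan_interfaces.get(vlan_id)    # None: no VLAN interface for that tag

def build_discover(vlan_id=None):
    """Constructed sample: broadcast UDP 68->67 headers, DHCP payload omitted."""
    eth = b"\xff" * 6 + bytes.fromhex("020000000001")
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_8021Q, vlan_id)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    udp = struct.pack("!HHHH", 68, 67, 8, 0)
    return eth + tag + struct.pack("!H", ETH_IPV4) + ip + udp

if __name__ == "__main__":
    for vid in (None, 52, 99):             # 99 is a constructed, unconfigured ID
        print(vid, receiving_interface(build_discover(vid), "port1", {52: "vlan52"}))
```

Feeding it frames captured on the FortiGate-facing trunk shows whether client requests arrive untagged (and so reach only the physical interface's DHCP server) or with the expected VLAN ID.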