- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Wifi often not receiving IP address
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Wifi often not receiving IP address
Hi guys
I need some help. I recently upgraded. I recently upgraded my Fortigate 100F to the 7.2.4 version. At the same time I also upgraded my FP431F to the latest version (7.2)
I currently run a setup with two different wifi networks both in tunnel mode. We have a guest network that is running fine without any issues, but there is also a corporate network that is having some weird issues. Sometimes when you try to connect you do not receive an ip address at all and sometimes you do, but after a few minutes it is gone again. I checked the dhcp scope and there should be plenty of IP addresses left.
My thinking is that it has something to do with the ipsec tunnel the corporate network has access to. That's about the only difference between the two. Is there someone who can assist ?
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Generally you should check if DHCP functions correctly (meaning that the DHCP exchange of messages is done, and ACK received from client). This will also show you where/if the packet is lost.
Start with a packet capture:
diag sniffer packet interface_name/any "port 67 or port 68" 6 0 l
then, if still inconclusive, look into what FortiGate does.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Diagnosing-DHCP-on-a-FortiGate/ta-p/192960 (you are looking at the server daemon)
- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @AlexC-FTNT
I thought it was solved, since it worked stable for about two days. Yesterday however we had an internet outage and this morning the problem started appearing again. Could this be related ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't see any relation between them. Unless the DHCP server is not Fortigate, but a remote server over VPN. In which case the internet outage will also prevent local machines to get IPs.
- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a dhcp situation too, next time you don't get an ip address try executing clear dhcp lease all, then try to connect again to the wifi, i found that clears my connection error but yet to find what causes it...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you provide more info? What is acting as the DHCP server? Is it the FortiGate? Is it a different device? Is it located on the other end of the IPSec tunnel? Please provide all releveant details so we can assist properly.
Cheers,
Graham
Graham
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'll eleborate a bit more. We have an office site with a fortigate 100F with 8 FortiAP FP431F. We currently use an HP switch (don't exactly know the model). The switch is configured as a hub (I know this is bad) because we're waiting on delivery of new switches and we don't have an HP console cable.
I use two wifi networks which both are in tunnel mode (because of no configurable switches) because of this I'm still able to seperate traffic between the wifi networks.
The guest network which goes straight to the internet has no problem at all.
The private network which has access to an IPsec tunnel to a datacenter often loose its dhcp lease and gets the message "no internet, secured"
Both networks use the fortigate as DHCP server. The only difference I see is the DNS server that is configured in the private network. This one is located on the other side of the IP sec tunnel. However with LAN this server is perfectly pingable while the wifi has issues
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK still need more details:
- How is your switch configured as a "hub"? I think you mean to say something else? Do you just mean every switch port is in the same VLAN?
- Have you absolutely confirmed that the device is losing DHCP and not just internet connectivity? How are you confirming this? "no internet, secured" could mean that it has DHCP lease but can't reach internet—perhaps due to DNS issue or something else.
- Is this affecting only one type of device or multiple?
Cheers,
Graham
Graham
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Graham
Thanks for the response.
1. I assume every port is indeed on the same VLAN, but unfortunately I can't check.
2. I did confirm it is the DHCP server, because if I run an ipconfig I get a 169 address.
3. It is affecting multiple devices on multiple access points, however not all devices at once.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK next up we should grab some packet captures. Can you please run a packet capture on a problematic device and attach here?
At the same time please run the following commands during problematic device lease acquisition and attach the output:
diagnose debug application dhcps -1
Cheers,
Graham
Graham
Related Posts
Labels
-
FortiGate
6,457 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.