Hi, I am implementing DHCP relay on FortiGate to my Windows Server virtual machine.
FortiGate is a gateway for user VLANs (e.g. VLAN 100) and is a gateway for server VLANs (e.g. VLAN 101).
In the VLAN 100 configuration, I have Windows Server 10.10.101.2 indicated as DHCP relay. However, I wonder if I need to tag VLAN 100 to the Windows Server virtual machine?
How does FortiGate forward a DHCP request from a client to the Windows Server? Is it done through policies, since FortiGate is a gateway for user and server VLANs? Does FortiGate see that the relay address is its connected network, or does the gateway of user VLAN 10.10.100.1 forward the DHCP request from VLAN 100 to 101?
I wonder if I need to add all user VLANs as tagged to the Windows Server?
Hello
DHCP relaying is not like any other traffic; it doesn't need any firewall policy, because when FG receives the DHCP request from clients, FG actually generates a new DHCP request and sends it to the server.
The new DHCP request is sent by FG to the DHCP server via the route that is indicated by FG's routing table. In your case the route is connected.
You don't need to add tagged VLAN 100 to your Windows server, since the DHCP relay does all the required work.
To check the DHCP relay config (if needed), just see the link below and go to the section "DHCP relay".
https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/747452/basic-configuration
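The relay step described in the answer above, as an added Python example that is not part of the original post and not Fortinet's code: the relay stamps its VLAN 100 interface address into `giaddr`, unicasts the request to the server, and the server picks the scope from `giaddr`. Addresses come from the thread; the scope names, client MAC and hop limit are assumptions.

```python
import ipaddress
import struct

# Addresses are the thread's; scope names are constructed for illustration.
RELAY_IF_IP = "10.10.100.1"   # FortiGate address on VLAN 100
DHCP_SERVER = "10.10.101.2"   # Windows DHCP server on VLAN 101
SCOPES = {"10.10.100.0/24": "users-vlan100", "10.10.101.0/24": "servers-vlan101"}

# RFC 2131 fixed header (236 bytes): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])

def build_discover(mac: bytes, xid: int) -> bytes:
    """Client DHCPDISCOVER as broadcast on VLAN 100 (giaddr = 0.0.0.0)."""
    zero = bytes(4)
    hdr = BOOTP_HDR.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                         mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, then end

def relay(packet: bytes, relay_ip: str = RELAY_IF_IP,
          server: str = DHCP_SERVER, max_hops: int = 16):
    """Return (new_packet, (dst_ip, dst_port)), or None if the packet is dropped."""
    f = list(BOOTP_HDR.unpack_from(packet))
    if f[0] != 1 or f[3] >= max_hops:    # only BOOTREQUEST; bound relay loops
        return None
    f[3] += 1                            # hops
    if f[10] == bytes(4):                # giaddr empty: first relay stamps its own IP
        f[10] = ipaddress.IPv4Address(relay_ip).packed
    # Options are carried through unchanged; delivery is unicast to UDP/67.
    return BOOTP_HDR.pack(*f) + packet[BOOTP_HDR.size:], (server, 67)

def server_pick_scope(packet: bytes):
    """Server side: the scope is chosen from giaddr, not from a tagged VLAN.
    Simplified: returns None when giaddr is 0.0.0.0 (an unrelayed packet)."""
    giaddr = ipaddress.IPv4Address(BOOTP_HDR.unpack_from(packet)[10])
    for net, name in SCOPES.items():
        if giaddr in ipaddress.ip_network(net):
            return name
    return None
```

Because the relayed packet is ordinary unicast from the relay to 10.10.101.2, the server only needs its own VLAN 101 interface and a scope matching the `giaddr` subnet.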
Yes, and this is because DHCP is basically UDP broadcast traffic, which is not routable.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams