Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
wsal
New Contributor II

fortigate communication to dhcp relay

Hi, I am implementing DHCP relay on FortiGate to my Windows Server virtual machine.

FortiGate is a gateway for user VLANs (e.g. VLAN 100) and is a gateway for server VLANs (e.g. VLAN 101).

In the VLAN 100 configuration, I have Windows server 10.10.101.2 indicated as DHCP relay. However, I wonder if I need to tag VLAN 100 to the Windows server virtual machine?

How does FortiGate forward the DHCP request from the client to the Windows server? Is it done through policies, since FortiGate is a gateway for user and server VLANs? Does FortiGate see that the relay address is its connected network, or does the gateway of user VLAN 10.10.100.1 forward the DHCP request from VLAN 100 to 101?

I wonder if I need to add all user VLANs as tagged to the Windows server?

AEK
SuperUser

Hello

DHCP relaying is not like any other traffic: it doesn't need any firewall policy, because when FG receives the DHCP request from clients, FG actually generates a new DHCP request and sends it to the server.

The new DHCP request is sent by FG to the DHCP server via the route that is indicated by FG's routing table. In your case the route is connected.

You don't need to add tagged VLAN 100 to your Windows server, since the DHCP relay does all the required work.

To check the DHCP relay config (if needed), see the link below and go to the section "DHCP relay".

https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/747452/basic-configuration

 

AEK
sw2090
Honored Contributor

Yes, and this is because DHCP is basically UDP broadcast traffic, which is not routable.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

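An added example, not part of the original thread and not FortiGate or Windows code: the relay-agent handling from RFC 1542 that the replies above describe, showing why the server needs no VLAN 100 interface (it picks the scope from `giaddr`). The two addresses come from the thread; the /24 masks, scope names, MAC and transaction ID are assumptions.

```python
import ipaddress
import struct
from typing import Optional

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # fixed 236-byte BOOTP header
MAGIC = bytes([99, 130, 83, 99])                      # DHCP magic cookie
MAX_HOPS = 16                                         # RFC 1542 discard threshold
GIADDR = 10                                           # index of giaddr in the unpacked header

SERVER_IP = "10.10.101.2"   # DHCP server, from the thread
RELAY_IP = "10.10.100.1"    # VLAN 100 gateway, from the thread
# Assumed /24 masks and hypothetical scope names.
SCOPES = {"10.10.100.0/24": "users-vlan100", "10.10.101.0/24": "servers-vlan101"}


def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed client DHCPDISCOVER, broadcast on the user VLAN (giaddr = 0)."""
    zero = bytes(4)
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero, mac, b"", b"")
    return hdr + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, then end


def relay(pkt: bytes, ingress_ip: str) -> Optional[bytes]:
    """Relay-agent handling (RFC 1542, 4.1.1); the result is unicast to the server."""
    f = list(BOOTP.unpack_from(pkt))
    if f[0] != 1 or f[3] > MAX_HOPS:   # relay only BOOTREQUEST within the hop limit
        return None
    f[3] += 1                          # count this relay
    if f[GIADDR] == bytes(4):          # empty giaddr: stamp the receiving interface
        f[GIADDR] = ipaddress.IPv4Address(ingress_ip).packed
    return BOOTP.pack(*f) + pkt[BOOTP.size:]


def pick_scope(pkt: bytes, server_ip: str = SERVER_IP) -> Optional[str]:
    """Server side: the scope follows giaddr, not the VLAN the packet arrived on."""
    giaddr = ipaddress.IPv4Address(BOOTP.unpack_from(pkt)[GIADDR])
    key = giaddr if int(giaddr) else ipaddress.IPv4Address(server_ip)
    return next((n for net, n in SCOPES.items() if key in ipaddress.ip_network(net)), None)


def demo() -> Optional[str]:
    discover = build_discover(bytes.fromhex("020000000001"), 0x1234ABCD)  # constructed
    return pick_scope(relay(discover, RELAY_IP))


if __name__ == "__main__":
    print(demo())
```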