Fortigate DHCP Failover

fortigate_champ84 · ‎10-17-2023

We have two firewalls connected to x2 different ISPs. We are looking for DHCP to be configured on both however really interested to know how DHCP failover would work .e.g if Firewall 1 WAN connection is down only then clients should be able to get a DHCP lease from Firewall 2.

Please can someone suggest.

srajeswaran · ‎10-17-2023

Can you share some more details on the connectivity/design.

Are these 2 firewalls in cluster (FGCP/FGSP)?
The DHCP clients are connected to same LAN?

How are the clients connected to these 2 fortigates?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

fortigate_champ84 · ‎10-17-2023

@srajeswaran these two firewalls are not in HA cluster and working independtly at the moment. However I am looking for some suggestions as whether to setup HA active-passive and failover this way.

Solution looks like

ISP1 -> WAN1 - Fortigate1- Switch A-- Switch B -- Switch C-- clients connect via wired and APs

ISP1 -> WAN2 - Fortigate2- Switch A --Switch B -- Switch C-- clients connect via wired and APs

hbac · ‎10-17-2023

Hi @fortigate_champ84,

If both firewalls are not in HA cluster, I don't think failover's gonna work. I would suggest configuring them as an HA cluster.

Regards,

srajeswaran · ‎10-17-2023

You may explore the VRRP option. Enable VRRP between FGT1 and FGT2, use VRRP IP as gateway on LAN/DHCP clients. VRRP failover can be configured based on the ISP link state .

Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-VRRP-Active-failover-with-link-monitor/ta-...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Fortigate DHCP Failover

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website