Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nils
Contributor II

Created on ‎02-08-2016 06:10 AM

SSLVPN using external DHCP server

Hi,

I'm trying to get my external DHCP to assign IP-addresses to my SSLVPN clients. According to the SSLVPN documentation you should configure DHCP-relay on the ssl.root interface via CLI. To this pont there are no problems.

 

In the SSLVPN settings you should specify a Address Range for the SSLVPN and you cannot specify anything else than "Automatically assign addresses" or "Specify custom IP ranges". In the portal settings, I also need to specify "Source IP Pools".

 

What should I specify there?

I don't want the Fortigate to assign the addresses...

Any ideas?

20412
0 Kudos
10 REPLIES 10
stelac
New Contributor

Created on ‎02-13-2016 12:21 PM

See http://docs.fortinet.com/d/fortigate-ssl-vpn-3  page 17.

 

We're in the progress of implementing it. I just do not know it "Source IP Polls" will continue to work for the portals.

 

Let me know....

5929
0 Kudos
Nils
Contributor II
In response to stelac

Created on ‎02-14-2016 11:40 PM

stelac wrote:

See http://docs.fortinet.com/d/fortigate-ssl-vpn-3  page 17.

 

We're in the progress of implementing it. I just do not know it "Source IP Polls" will continue to work for the portals.

 

Let me know....

Hi,

I've seen the documentation.

The problem is that you cannot remove the "Source IP Pools" in the portal, which means that the Fortigate will still act as DHCP server for the VPN users.

I'm running version 5.2.6

5929
0 Kudos
stelac
New Contributor
In response to Nils

Created on ‎02-15-2016 07:45 AM

This is more confusing than a thought!!!!

     config system interface

           edit ssl.root

[LEFT]           set dhcp-relay-service [enable|disable][/LEFT]

           set dhcp-relay-ip

        next

     end

 

To relay the request to the DHCP server, the relay has to indicate what is the subnet. Does it use the "Source IP Pools" ?????

 

I opened a ticket with the support... I will update you.

5929
0 Kudos
emnoc
Esteemed Contributor III
In response to stelac

Created on ‎02-15-2016 08:23 AM

fwiw: The dhcp relay agent should include the dhcp agent id which is how your dhcp-server allocated dhcp reservations.

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
5929
0 Kudos
stelac
New Contributor
In response to emnoc

Created on ‎02-15-2016 12:28 PM

Could you please send us the CLI commands... Thanks

5929
0 Kudos
stelac
New Contributor
In response to emnoc

Created on ‎02-18-2016 05:27 AM

The helpdesk agent, Erik Piquette, just replied to my ticket 1644038 saying that "DHCP relay" is not working for SSL VPN. The documentation is bad and has to be adjusted.

5929
0 Kudos
Labi
New Contributor
In response to stelac

Created on ‎07-07-2017 01:43 PM

Does anyone know if there is any solution regarding this issue or still not?

5929
0 Kudos
koelschman
New Contributor II
In response to Labi

Created on ‎09-19-2017 12:07 AM

Hello,

i´ve the same issue. Is there a known possibility to use dhcp in combination with ssl vpn to provide dhcp options?

 

Regards

5929
0 Kudos
Labi
New Contributor
In response to koelschman

Created on ‎11-14-2017 11:59 PM

Hi Stelac, did you get any reply from support or still not?

5928
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.