Fortigate debug dhcp relay 10. Pero, en caso de problemas. Since the DHCP client will not be under the same subnet as the DHCP server, it is important to configure another IP address pool (10. What happened? The DHCP relay refused to work with VLAN 999's IP with these errors on debug: considering interface v182_usr2_forti: enabled Relay client interface: v182_usr2_forti Fortinet Documentation Library You can configure a FortiSwitch interface as a DHCP relay. Run a diag sniffer to see if you see the traffic coming in and if the gate is responding and sending to the proper server. 2. 6. 0 set allowaccess ping https ssh snmp http set type To configure the DHCP relay servers: config system interface edit "port2" set dhcp-relay-service enable set dhcp-relay-ip 10. Solution . config system interface edit "Phase" set dhcp-relay-service enable set dhcp Jun 4, 2011 · The DHCP server must have the appropriate routing so that its response packets to the DHCP clients arrive at the unit. 4. As we have a centralized DHCP server infrastructure, we have configured DHCP relay in the firewall facing that server to send that request to the DHCP server. If you are serving IP from FortiGate (not set type relay), then it won’t forward to NAC. 200 192. 29. Jun 4, 2011 · FortiGate-5000 / 6000 / 7000; NOC Management. This section covers the following topics: Configuring a DHCP server; Detailed operation A DHCP server dynamically assigns IP addresses to hosts on the network connected to the interface. set vdom "root" set dhcp-relay-service enable set ip 192. I turned on debugging for DHCP relay and this is what I got: 2013-01-13 19:58:01 L3 socket: received request message from 192. May 1, 2025 · diagnose debug reset. After receiving a DHCP request from a client, the FortiGate forwards it to all configured serv config system interface edit "port3" set vdom "vdom1" set ip 10. diag debug reset diag debug application dhcps -1 diag debug enable . 2 The client fails to retrieve its IP through DHCP In such cases, please provide us with the following debug outputs: Ø The dhcp debug output 1. 255 at wan2 2. 12 OS running. To configure a DHCP server to assign IP addresses to IPsec VPN clients: Create a user group for remote users: Go to User & Device > User Definition To configure the DHCP relay servers: config system interface edit "port2" set dhcp-relay-service enable set dhcp-relay-ip 10. Jul 2, 2010 · These flow rules handle traffic when the IPv6 DHCP client sends requests to a DHCP server using port 547 and the DHCP server responds using port 546. FortiManager Debug report Fault relay support Configuring a DHCP relay . Ensure that any routers in between the DHCP server and the FortiGate (acting as the DHCP relay) have routes back to the FortiGate for the new SSL VPN DHCP subnet. Jun 4, 2011 · The DHCP server must have the appropriate routing so that its response packets to the DHCP clients arrive at the unit. 4. 6 SSID1: Bridge mode, get IP from Windows DHCP Server. 200 â Apr 25, 2023 · FortiOS 7. diag debug application dhcps -1 exec dhcp lease-clear all diag test application dhcprelay 99 The debugging didn't seem to indicate there was an issue, and we only noted successful leases from other Interfaces. Note: By default, the debug will run for a maximum of 30 minutes, but this can be modified by including the following command in the command list above: To configure the DHCP relay servers: config system interface edit "port2" set dhcp-relay-service enable set dhcp-relay-ip 10. DHCP smart relay on interfaces with a secondary IP. This is a major issue for us as our main Fortigate is used as a DHCP relay, and it is the only one so we cannot test it before. FortiGate non-blocking auth daemon. 182. The following CLI variables are included in the config system dhcp server > config reserved-address command: Jan 18, 2024 · Activar DHCP server, lo pones en modo relay -> Type regular -> y añades la ip de tu servidor de DHCP . config system interface edit "port3" set vdom "vdom1" set ip 10. 0 set allowaccess ping https ssh snmp http set type Jun 4, 2011 · If DHCP server has multiple DHCP scopes, the address in the gateway IP address field (GIADDR) identifies the DHCP scope from which to offer an IP address lease. diagnose debug console timestamp enable. You can configure one or more DHCP servers on any FortiGate interface. If DHCP server has multiple DHCP scopes, the address in the gateway IP address field (GIADDR) identifies the DHCP scope from which to offer an IP address lease. 0 set allowaccess ping Jan 13, 2013 · I already have a DHCP server on the internal network and so I figured I'd configure the firewall to relay the DHCP to dial up VPN clients. Solution Sample Configuration: config system interface edit "VLAN-NAME" set dhcp-relay-serv DHCP smart relay on interfaces with a secondary IP FortiGate DHCP works with DDNS to allow FQDN connectivity to leased IP addresses Debug commands Jun 4, 2011 · Configuring a DHCP relay . Configuring a DHCP relay . 57. DHCP relay to a DHCP server on a different subnet. Nov 23, 2023 · We have a Fortigate with a FortiAP for WiFi. diagnose debug application <process/daemon name> -1. However, if DHCP relay is involved, requests from the DHCP relay to the DHCP server and replies from the DHCP server to the DHCP relay both use port 547. 6. Deberias ver algo como esto. At that point, clients under the first DHCP_relay were not able to get the IP address (only wifi clients, cabled users were working fine). The Option code is specific to the application. The FortiGate will track the number of unanswered DHCP requests for a client on the interface's primary IP. 255 at wan2 Apr 27, 2024 · 本記事について 本記事では、Fortinet 社のファイアウォール製品である FortiGate での DHCP リレーの設定方法について説明します。 動作確認環境 本記事の内容は以下の機器にて動作確認を行った結果に基づいて作成されています A DHCP server dynamically assigns IP addresses to hosts on the network connected to the interface. And this diagram from the mentioned link it is really useful: Configure a DHCP relay on an interface To configure a DHCP relay in the GUI: Go to Network > Interfaces. For more information about options, see: DHCP Feb 16, 2012 · For us, problem with DHCP started when we added a second DHCP relay configuration. 200. You can configure a DHCP relay on any layer-3 interface. It won’t respond but it’ll do fingerprinting to profile a host. In this example, the DHCP server assigns IP addresses in the range of 172. 2, mask 255. Aug 22, 2007 · From Configuration of DHCP relay through a Fortigate-to-Fortigate IPSec VPN Configuration example of regular DHCP relay through a Fortigate-to-Fortigate IPSec VPN Please note that although a DHCP request is being relayed through an IPSec tunnel, this is not a “DHCP-over-IPsec†feature configuration. To configure a DHCP relay in the CLI: Configure the interface: diag debug application dhcps -1 exec dhcp lease-clear all diag test application dhcprelay 99 The debugging didn't seem to indicate there was an issue, and we only noted successful leases from other Interfaces. A DHCP server can be in server or relay mode. For Mode, select Relay. Scope FortiGate. 2 mac e8:1c:ba:de:aa:16 in vd root [debug If DHCP server has multiple DHCP scopes, the address in the gateway IP address field (GIADDR) identifies the DHCP scope from which to offer an IP address lease. If you are using DHCP snooping making sure you have trusted the proper uplinks as well. This. I kindly ask: On the network interface of the SSID should DHCP relay be enabled ? Should policies be created to allow DHCP traffic from this interface to the DHCP server ? To configure the DHCP relay servers: config system interface edit "port2" set dhcp-relay-service enable set dhcp-relay-ip 10. edit 1 VLAN 182 (172. I have also Dec 26, 2022 · that if the FortiGate is the gateway for the VLAN, it is necessary to define the DHCP relay when the VLAN interface is created on the FortiGate. Solution: Topology: PC-----Switch1(vlan451)-----Switch2-----Port 11 - Fortigate Relay- Port 10 -----DHCP Server. This is a common scenario found in enterprises where all DHCP leases need to be managed centrally. Oct 4, 2012 · This article explains how to configure multiple DHCP IP pools on the same interface of a FortiGate acting as a DHCP server for DHCP relay servers. diagnose debug application fnbamd. Mar 11, 2025 · From what I understand on various internet sources, removing padding from DHCP packets could be an issue for certain devices that could no more get an IP. Enable debug with: #diag debug en #diag debug console timestamp en #diag debug app dhcprelay 7 -> if using an IPsec DHCP relay #diag debug app dhcps 7 -> if using an IPsec DHCP sever 2. On the net I found some examples of IPV6 DHCP configurations but for some reasons it's not working on my FTG. Oct 24, 2022 · We will configure the Client for DHCP and meanwhile, we will run DHCP debug on the DHCP server and the DHCP Relay Agent: interface Ethernet1/0 ip address dhcp duplex full end *Oct 23 22:26:46. 2. Apparently the DHCP request is not making it to the FortiGate. When debugging the packet flow in the CLI, each command configures a part of the debug action. Jun 2, 2010 · To configure the DHCP relay agent option using the CLI: config system interface edit <interface> set vdom root set dhcp-relay-service enable set dhcp-relay-ip <ip> set dhcp-relay-agent-option enable set vlanid <id> next end DHCP is logged to "System Events" log, where that is stored depends on your logging configuration. 0 set allowaccess ping https ssh snmp http telnet set type physical set snmp-index 5 next edit "port5" set vdom "vdom1" set dhcp-relay-service enable set dhcp-smart-relay enable set ip 5. The DHCP server and DHCP relay cannot be enabled at the same time. The DHCP server must have appropriate routing so that its response packets to the DHCP clients arrive at the unit. This section covers the following topics: Configuring a DHCP server; Detailed operation 开启dhcp中继功能,并填写dhcp服务器地址。进入网络→接口,编辑需要开启dhcp服务的接口,开启dhcp服务器,打开高级选项,模式选择中继。 dhcp服务器:开启; dhcp服务器的ip:填写真实dhcp服务器的ip地址,需要防火墙进行中继的dhcp服务器地址; mode:中继 IPsec VPN with external DHCP service. To configure the DHCP relay servers: config system interface edit "port2" set dhcp-relay-service enable set dhcp-relay-ip 10. You need to setup using relay, not have a local dhcp on the segment with clients (so it’ll relay), and put the FortiNAC Isolation interface as a second relay IP. 1 10. The only change we made was replacing two Cisco 4500 series switches that were doing the DHCP relay with 601fs and 1048es and moving the DHCP relay to the FortiGates. We have VLANs with a relay to a Windows server 2019 and so we cant obtain any New ips. If it connects to any other SIIDs being broadcast from the same AP it obtains an IP without issue. 0 set allowaccess ping https ssh snmp http set type Jul 28, 2023 · Hello all, I have a very strange problem here. Multiple DHCP relay servers. This is the config of my DHCP relay . The CLI must be used to set up this configuration because it is not possible to edit multiple pools on the same interface using the GUI. Enable DHCP Server in the interface and choose Advanced 3. 9/30) I can ping DHCP server interface from the VLAN 182 range. To stop the debug: diag debug reset diag debug disable Dec 22, 2016 · The routers must be configured for DHCP relay. A DHCP server dynamically assigns IP addresses to hosts on the network connected to the interface. 252, hostname Client Jul 2, 2010 · These flow rules handle traffic when the IPv6 DHCP client sends requests to a DHCP server using port 547 and the DHCP server responds using port 546. 16. 100. NOTE: DHCP snooping and the DHCP server can be enabled at the same time. 5 255. diagnose debug application dhcprelay <Integer> Parameter. It is possible to set up to 8 IPs from the CLI. Debug the packet flow when network traffic is not entering and leaving the FortiGate as expected. We told Fortinet that we thought the ACK wasn't getting back to the DHCP server and that is why we were getting a duped IP out there. Jan 13, 2025 · FortiGate. The only way to get it working is to enable autonomous-flag enable. restarting dhcpd and clearing the leases didn't resolve the issue. 3. No Av or Firewall are enabled for testing Jun 4, 2011 · Configuring a DHCP relay . end DHCP smart relay on interfaces with a secondary IP. Dec 22, 2016 · The routers must be configured for DHCP relay. 120. May 13, 2020 · When the server boots up, asks for an IP via DHCP. 0 set allowaccess ping Dec 26, 2014 · This case study illustrates how proxy-arp can be used for dealing with overlapping subnets. ScopeFortiGate, Configuring DHCP relay in VLAN interface. 0 set allowaccess ping https ssh snmp http set type Sep 7, 2017 · Last few days I was busy with configuring IPV6 DHCP on my Fortigate. But this is only since a short time. Using the GUI: Go to System > Network > Interface > Physical. Apr 18, 2024 · FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. There was no change on the Fortigate, or on the DHCP server of the Fortigate. Aug 24, 2009 · If FortiGate is the DHCP server: As a first step, review the existing dhcp leases by the DHCP server on this FortiGate to check for any issues using the below CLI command. Could be local log, or sent to Syslog/FAZ DHCP events show up with mesasge "DHCP server sends a DHCPACK" and log description "DHCP Ack log". I found nothing specific for Fortigate setup however. 11 (Fortigate 201F HA A-P, SD-WAN with dual WAN) FortiAP 7. we have in our Environment a fortigate 100e Cluster with the 6. Multiple DHCP relays can be configured on an interface. The interface forwards DHCP requests from DHCP clients to an external DHCP server and returns the responses to the DHCP clients. 0/24) has a relay to VLAN 999's IP (172. Enter the DHCP Server IP. Scope FortiGa config system interface edit "port3" set vdom "vdom1" set ip 10. Debugging the packet flow. Solution In the FortiOS GUI, navigate to Network -> Interfaces -> Interface_NAME. Feb 27, 2024 · The strange thing is that i have other sites that are running Fortigate 40F models and they get their IP address via DHCP relay over the WAN with no issue but these sites do not have Fortiswitches in them. 20. The debug also shows if there are any errors during the DORA process. Option 82 (DHCP relay information option) helps protect the FortiGate against attacks such as spoofing (or forging) of IP and MAC addresses, and DHCP IP address starvation. SSID3: Tunnel mode, get IP from tunnel interface. 168. 254 255. 1. This section covers the following topics: Configuring a DHCP server; Detailed operation config system interface edit "port3" set vdom "vdom1" set ip 10. 17. Nov 15, 2024 · The DHCP relay forwards DHCP requests from the clients to the external server. Con eso deberia de ser suficiente. 0 set allowaccess ping https ssh snmp http set type Sep 25, 2018 · > scp export debug-pcap from dhcp-vr-0. One specific Windows device is not obtaining a DHCP address when connecting to one of the SSIDs being broadcast. Go to System > Network > Interfaces and select Interface want to configure DHCP relay. Then you will see the list of DHCP servers configured; see which numbers has that one on the trunk interface . In the DHCP relay agent setup, the FortiGate interface receives the DHCP broadcast packets and then sends the traffic unicast to the DHCP Sep 9, 2024 · FortiGate. Jun 4, 2011 · If DHCP server has multiple DHCP scopes, the address in the gateway IP address field (GIADDR) identifies the DHCP scope from which to offer an IP address lease. If all else fails check debug flow which will tell you if other things are occuring such as policy ect. g config sys interface edit vlan2 set ip 10. Edit an interface. After I completed the configuration, 3 SSID connect normally and can Apr 25, 2023 · FortiOS 7. No additional firewall policies need to be created for this step. pcap to user@scp-server:/path To review DHCP lease logs and server messages: > show log system subtype equal dhcp direction equal backward. The DHCP relay agent acts as the interface between DHCP clients and the server. The host computers must be configured to obtain their IP addresses using DHCP. DHCP relay daemon. ) You can select a fixed format for the Circuit ID and Remote ID fields or select which values appear in the Circuit ID and Remote ID fields. Jul 2, 2011 · To configure the DHCP relay servers: config system interface edit "port2" set dhcp-relay-service enable set dhcp-relay-ip 10. Nov 25, 2015 · If the clients are configured to obtain a IP address using DHCP relay, configure the FortiGate server as below: To configure DHCP relay on the FortiGate unit 1. This article explains how to specify more than one DHCP relay IP, to allow for the coverage of additional LAN subnets. Nothing shows up. 0 build0589. 0 set allowaccess ping https ssh fabric set type physical set snmp-index 4 set dhcp-relay-ip "192. 1 next end To check the debug messages to verify that the DHCP relay is working: # diagnose debug application dhcprelay -1 Debug messages will be on for 30 minutes. Description. Unfortunately, that isn't working. To configure a DHCP relay in the CLI: Configure the interface: Jan 18, 2019 · The command enables DHCPv6 relay and includes adding the IPv6 address of the DHCP server that the FortiGate unit relays DHCPv6 requests to: config system interface edit internal config ipv6 set dhcp6-relay-service enable set dhcp6-relay-type regular set dhcp6-relay-ip 2001:db8:0:2::30. They said nicely that we needed to prove that. Jan 16, 2020 · Please paste Fortigate interface config here or see my example: CLI on fortigate and type : Config system dhcp server. DHCP servers and relays. 31. The following output can be seen when FortiGate receives a DHCPDISCOVER message: DHCP smart relay on interfaces with a secondary IP FortiGate DHCP works with DDNS to allow FQDN connectivity to leased IP addresses Using the debug flow tool Jun 4, 2011 · Configuring a DHCP relay . But in all other VLANS it gets an IP address. show . ; Select Edit for an interface. A packet capture on the server shows it sending DHCP requests, but no response. DHCP is logged to "System Events" log, where that is stored depends on your logging configuration. 0/24) for the port2 LAN subnet in the DHCP server. Crash Logs didnt show any issues. DHCP smart relay on interfaces with a secondary IP FortiGate DHCP works with DDNS to allow FQDN connectivity to leased IP addresses Using the debug flow tool Multiple DHCP relay servers FortiGate DHCP works with DDNS to allow FQDN connectivity to leased IP addresses Configuring and debugging the free-style filter We would like to show you a description here but the site won’t allow us. After I completed the configuration, 3 SSID connect normally and can Jun 4, 2011 · The DHCP server must have the appropriate routing so that its response packets to the DHCP clients arrive at the unit. You can configure a FortiGate interface as a DHCP relay. Since today where we got a Ticket from our customer the dhcp relay doesnt work. Look for the DHCPDISCOVER coming from the client and let's make sure the client is requesting the DHCP options necessary for each implementation. The server is attached to internal2 on the FortiGate and has an IP address of 192. 1/24 set dhcp-relay-service enable set dhcp-relay-type regular set dhcp-relay-ip 10. config system dhcp relay set interface "<>" set server-ip <> # Replace with the external DHCP server's IP . Additionally, for configuring DHCP Option 119 on the FortiGate interface, refer to Technical Tip: How to configure DHCP option 119 (multiple search domains config system interface edit port5 config ipv6 set dhcp6-relay-service enable set dhcp6-relay-type regular set dhcp6-relay-ip 2000:db8:d0c::a end next end Previous Next Jul 2, 2010 · Run debugging for the DHCP server: # diagnose debug application dhcps -1 [debug]locate_network prhtype(1) pihtype(1) [debug]find_lease(): leaving function WITHOUT a lease [note]DHCPDISCOVER from e8:1c:ba:de:aa:16 via port1(ethernet) [debug]found a new lease of ip 17. end Jan 18, 2019 · The command enables DHCPv6 relay and includes adding the IPv6 address of the DHCP server that the FortiGate unit relays DHCPv6 requests to: config system interface edit internal config ipv6 set dhcp6-relay-service enable set dhcp6-relay-type regular set dhcp6-relay-ip 2001:db8:0:2::30. config system dhcp server. g. The configuration that I made is as follow: edit For example, you might need to configure a FortiGate DHCP server that gives out a separate option as well as an IP address, such as an environment that needs to support PXE boot with Windows images. 2 [debug]added ip 17. The DHCP Relay Agent relays DHCP messages between DHCP clients and DHCP servers on different IP networks. # diagnose debug application dhcprelay -1 # diagnose debug console timestamp enable # diagnose debug enable. Feb 26, 2024 · The strange thing is that i have other sites that are running Fortigate 40F models and they get their IP address via DHCP relay over the WAN with no issue but these sites do not have Fortiswitches in them. You can use an external DHCP server to assign IP addresses to your IPsec VPN clients. Sep 26, 2018 · Used in conjunction with the dhcp-relay on the interface what appears to happen is that DHCP packets are being rebroadcast in the correct (server) network, but the microsoft DHCP server is completely ignoring them and only responding to the fortigate ip-helper-fixed (via the dhcp-relay agent) packets--those packets are being 'fixed' by the FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. In this case study: The workstation obtains an IP from a DHCP server on the remote site IPSec VPN (DHCP-relay is required)After obtaining an IP from the DHCP server, the workstation then needs to access a ser Apr 28, 2014 · This would be determine by the relay-dhcp-server ip address of office B router nic ( the firewall ip_address) aka properly as the GIADDR in the dhcp-message e. DHCP server sends an IP address lease offer (DHCPOFFER) directly to the relay agent identified in the gateway IP address (GIADDR) field. I have an iOT device here that does not get an IP address in a specific VLAN. This is a very good link. 2 255. Multiple DHCP relay servers FortiGate DHCP works with DDNS to allow FQDN connectivity to leased IP addresses Configuring and debugging the free-style filter To configure the DHCP relay servers: config system interface edit "port2" set dhcp-relay-service enable set dhcp-relay-ip 10. We had to remove the second DHCP relay configuration to fix the problem. First, let’s take a look at how DHCP relay works. If the clients are configured to obtain a IP address using DHCP relay, configure the FortiGate server as below: To configure DHCP relay on the FortiGate unit 1. Configure a DHCP relay on an interface To configure a DHCP relay in the GUI: Go to Network > Interfaces. SSID2: Tunnel mode, get IP from tunnel interface. 0 set allowaccess ping https ssh snmp http set type Jun 2, 2015 · To configure the DHCP relay agent option using the CLI: config system interface edit <interface> set vdom root set dhcp-relay-service enable set dhcp-relay-ip <ip> set dhcp-relay-agent-option enable set vlanid <id> next end To configure the DHCP relay servers: config system interface edit "port2" set dhcp-relay-service enable set dhcp-relay-ip 10. Jan 13, 2013 · I already have a DHCP server on the internal network and so I figured I'd configure the firewall to relay the DHCP to dial up VPN clients. Jun 23, 2022 · Assign that address as a Secondary IP to one of the FortiGate's physical interfaces. In the GUI interfac Jun 4, 2011 · Configuring a DHCP relay . The final command starts the debug. These flow rules handle traffic when the IPv6 DHCP client sends requests to a DHCP server using port 547 and the DHCP server responds using port 546. DHCP smart relay on interfaces with a secondary IP NEW FortiGate DHCP works with DDNS to allow FQDN connectivity to leased IP addresses Using the debug flow tool Configuring a DHCP relay . To configure a DHCP relay in the CLI: Configure the interface: DHCP smart relay on interfaces with a secondary IP FortiGate DHCP works with DDNS to allow FQDN connectivity to leased IP addresses Using the debug flow tool May 30, 2022 · On FortiGate's SSH, use 'diag debug application dhcps -1' to collect more details about the DHCP transaction. 119: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet1/0 assigned DHCP address 172. diagnose debug enable . For information about using the debug flow tool in the GUI, see Using the debug flow tool. Also, run dhcprelay debugs as mentioned below: diagnose debug application dhcprelay -1 diagnose debug console timestamp enable diagnose debug enable DHCP servers and relays. Oct 2, 2023 · - Use diagnostic commands to check the DHCP status: ``` diagnose ip dhcp relay list diagnose ip dhcp server list ``` - These commands will show you the current DHCP relays and leases, which can help identify if the Fortigate is receiving DHCP requests and if it's providing leases. 100 to 172. 11:68 to 255. (DHCP option 82 provides additional security by enabling a controller to act as a DHCP relay agent to prevent DHCP client requests from untrusted sources. 0. Click OK. 0 set allowaccess ping https ssh snmp http set type Jun 4, 2011 · You can include option-82 data in the DHCP request. **Physical Connections**: - Ensure that all cables and Feb 26, 2024 · The DHCP server and Radius server are two different virtual machines. The only other traffic present in the capture is STP announcements from the FortiGate. 70. FortiGate# execute dhcp lease-list. If enabling the DHCP relay in FortiGate, then run the below debugs and renew the PC IP address: diagnose debug application dhcprelay -1 diagnose debug console timestamp enable diagnose debug enable To configure the DHCP relay servers: config system interface edit "port2" set dhcp-relay-service enable set dhcp-relay-ip 10. I see from the logs that the correct vlan is pushed to the device but the DHCP request goes timed-out. Expand the Advanced section and set Mode to Relay. Jun 14, 2023 · Upon running the debug, the dhcp daemon debug output can be seen when FortiGate receives any DORA Discover, Offer, Request, Acknowledgement) message exchanges between FortiGate and the client. Jul 2, 2010 · If this DHCP relay traffic passes through the FortiGate-6000 you must add a flow rule similar to the following to support port 67 DHCP traffic in both directions (the following example uses edit 0 to add the DHCP relay flow using the next available flow rule index number): FortiGate-5000 / 6000 / 7000; NOC Management. - if it's on port 2 - you will have something like (server) # show. The DHCP server must have the appropriate routing so that its response packets to the DHCP clients arrive at the unit. e. Enable the DHCP Server option and set DHCP status to Disabled. Troubleshooting, I ran dhcp diag on the fortigate: diag debug application dhcps -1 diag debug enable. DHCP relays can be configured on interfaces with secondary IP addresses. 255. 10" set dhcp-relay-request-all-server enable next end config system interface edit "port3" set vdom "vdom1" set ip 10. To configure the DHCP relay agent option using the CLI: config system interface edit <interface> set vdom root set dhcp-relay-service enable set dhcp-relay-ip <ip> set dhcp-relay-agent-option enable set vlanid <id> next end Nov 5, 2014 · I don't understand why my Windows7 can't connect to my Fortigate 90D v5. 1 255. DHCP relay agent information option. Jul 2, 2010 · To configure a DHCP server and relay in the CLI: Configure the interface: config system interface edit "port2" set vdom "root" set dhcp-relay-service enable set ip 10. xyhro rni ohowg dmdi sartwjbs mbyu tqow epqu ovbztzyp wypn