DHCP Server Issues when configured from Fortimanager

sjWelter · ‎09-10-2018

Hello,

I am trying to configure a network interface on my lab fortigate from the FortiManager console.

[ul]

I start out with a factory install FortiOS on the ForitGate.

I check the box next to my Fortigate device in Device Manager, go to More \ Configuration, go to System \ Interface

I check the box next to port3 (a port with no settings on it) and click Edit

I complete the IP Addressing values for a manual IP address, netmask, etc

I complete the DHCP Server section by enabling it and giving start and end IP addresses

I click OK where I receive pop-up messages stating the port was edited successfully

I return to the device in Device Manager, click the checkbox, and select Install \ Install Config

Install completes successfully[/ul]

The result, is the port is configured with the IP address settings I specified, however the DHCP server is still disabled with no values. I have tried to go back in and re-submit the DHCP Server settings, and they continue to disappear after the Install Config step. I have tried this on a couple of devices using 5.4.3 and 5.6.4. Is there an obvious step I am missing or is this simply not a supported way to configure a DHCP server?

thanks!

chall_FTNT · ‎09-10-2018

What is the FMG firmware version? ADOM version? And what does the install log show when you first pushed the interface setting change?

Chris Hall
Fortinet Technical Support

chall_FTNT · ‎09-10-2018

If FMG didn't even attempt to install the DHCP server settings then it would help to see the syntax as displayed in the FMG CLI:

exec fmpolicy print-device-object <ADOM> <device name> <VDOM> "system interface" <interface>

e.g.,

exec fmpolicy print-device-object root Test-FGT root "system interface" internal

Chris Hall
Fortinet Technical Support

sw2090 · ‎09-10-2018

keep in mind that on gui dhcp server settings are part of the interface setup but on cli they are on their own!

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

sjWelter · ‎09-11-2018

Current FMG Firmware is 6.0.2-build0205. Pretty sure I tested this on the previous build (5.4.1-build 1082)as well, but not certain. I have tried this on devices in ADOM version 5.4, 5.6, and 6.0. It looks like there are no DHCP server values getting passed on the config step. ## First Run Log Starting log (Run on device) Start installing FGVM-602 $ config system interface FGVM-602 (interface) $ edit "port2" FGVM-602 (port2) $ set ip 10.50.50.1 255.255.255.0 FGVM-602 (port2) $ set allowaccess https ping ssh snmp http FGVM-602 (port2) $ set role lan FGVM-602 (port2) $ next FGVM-602 (interface) $ end ---> generating verification report (global: system interface "port2":device-identification) remote original: enable to be installed: <--- done generating verification report ------- Start to retry -------- FGVM-602 $ config system interface FGVM-602 (interface) $ edit "port2" FGVM-602 (port2) $ unset device-identification FGVM-602 (port2) $ next FGVM-602 (interface) $ end ---> generating verification report <--- done generating verification report install finished ## Output from FMG CLI Command exec fmpolicy print-device-object TEST-60 FGVM-602 root "system interf ace" port2 Dump object [port2] of category [system interface] in device [FGVM-602] vdom[root]: --------------- config system interface edit "port2" set vdom "root" set ip 10.50.50.1 255.255.255.0 set allowaccess https ping ssh snmp http set type physical set role lan set snmp-index 2 next end

Happy to test further. Thank you for assisting here.

chall_FTNT · ‎09-11-2018

Thanks, sw2090, for pointing out that in the CLI, the DHCP settings are stored separately from interface settings. So sjWelter, good too look at CLI output for DHCP settings also: exec fmpolicy print-device-object TEST-60 FGVM-602 root "system dhcp server" all note: one of those dhcp servers should reference port2 Also, would be good to see what FGT CLI has for dhcp server as well. And I'm curious whether a Retrieve followed by an Install causes FMG to push the change.

Chris Hall
Fortinet Technical Support

sjWelter · ‎09-11-2018

# FMG Command RMC-FMG # exec fmpolicy print-device-object TEST-60 FGVM-602 root "system dhcp server" all Dump all objects for category [system dhcp server] in device [FGVM-602] vdom[root]: --------------- # Fortigate CLI FGVM-564 (server) # show config system dhcp server end

No DHCP servers are in either config. I went back to the Device manager, and edited the port to add a DHCP Server (see image-01) hit ok, received a success note. Then I immediately went back into the port and the DHCP Server settings were gone again. So its not sticking long enough to even push it seems.

chall_FTNT · ‎09-11-2018

Are you using system templates? If so, the DHCP widget would overwrite what is in device DB.

Chris Hall
Fortinet Technical Support

sjWelter · ‎09-11-2018

No, its a brand new ADOM with no settings customized under Device Manager \ Provisioning Templates. I dont see anything there that touches DHCP. Am I looking in the right spot?

brazz_FTNT · ‎09-14-2018

Hello sjWelter,

Yes that is the right place to look.

[ul]

Can you verify the FGT version too . Just would like to make sure we do not skip this simple step.[/ul]

Let's check the compatibility chart https://docs.fortinet.com/uploaded/files/2902/fortimanager-compatibility.pdf

[ul]

Also It does not hurt to check the assigned FGTs under the provision template , if your device is there remove it for a test. Apply your desired change on FMG then push it to the FGT. Also do not forget to check the installation preview before pushing it to your FGT. [/ul]

Let us know about the results.

Cheers