t_rex_joe
New Contributor

DHCP and Fortigate 30E with UBNT UAP-AC-Pro-Gen2

All,

Recently purchased a Fortigate 30E to replace my old Linux iptables and Linksys AP.

30E firmware: v6.0.4 build0231 (GA)

UBNT Firmware: 4.0.21.9965

When I enabled DHCP for LAN on the 30E, the wired side is fine. The access point is a UBNT UAP-AC-Pro-Gen2. None of the AP clients are able to retrieve an IP from the 30E.

When I disable the DHCP on the 30E and enable it on the Linksys, the clients work as expected through the UBNT AP and the wired side.

I do show on the 30E that clients are assigned IP addresses; however, they are not shown on the actual device via network information.

My WiFi devices:

- Laptop in Win10 Pro

- Nexus 5X

- Samsung Galaxy Tab A

I did run a few traces. From the 30E, it receives the Discover and offers an IP; however, nothing is returned.

On the AP, the request is not seen from the 30E; however, when I add the Linksys back into the network, I do see the request from the Linksys via the AP.

Please advise,

Joe

t_rex_joe
New Contributor

Here's an update.

Below is the output from a capture from the UniFi AP.

The packet is traversing the network correctly and out the AP.

However, the client is not accepting the IP offered via the Fortinet over WiFi; it is accepting the IP via the Linksys.

For Fortinet,

What is "option 224" and how can I disable this on the Fortinet?

###

T224 Option 224, length 17: 70.71.84.51.48.69.53.54.49.56.48.55.51.50.49.55.0

###

-------- FROM 30E FOR PC - NO WORK
15:45:12.703699 IP (tos 0x10, ttl 16, id 0, offset 0, flags [none], proto UDP (17), length 343)
    10.1.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 315, xid 0xa8293d48, secs 768, Flags [Broadcast]
          Your-IP 10.1.1.50
          Client-Ethernet-Address XX:XX:XX:XX:09:88
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            Subnet-Mask Option 1, length 4: 255.255.255.0
            Time-Zone Option 2, length 4: -28800
            Default-Gateway Option 3, length 4: 10.1.1.1
            Domain-Name-Server Option 6, length 8: 10.1.1.10,1.1.1.1
            Lease-Time Option 51, length 4: 604800
            DHCP-Message Option 53, length 1: Offer
            Server-ID Option 54, length 4: 10.1.1.1
            RN Option 58, length 4: 302400
            RB Option 59, length 4: 529200
            T224 Option 224, length 17: 70.71.84.51.48.69.53.54.49.56.48.55.51.50.49.55.0
-------- EO FROM 30E FOR PC - NO WORK

--------------------- PC WORKS - LINKSYS
15:58:18.305300 IP (tos 0x0, ttl 64, id 41953, offset 0, flags [none], proto UDP (17), length 349)
    10.1.1.240.67 > 10.1.1.104.68: BOOTP/DHCP, Reply, length 321, xid 0xe149f657, Flags [none]
          Your-IP 10.1.1.104
          Server-IP 10.1.1.240
          Client-Ethernet-Address XX:XX:XX:XX:09:88
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            Subnet-Mask Option 1, length 4: 255.255.255.0
            Default-Gateway Option 3, length 4: 10.1.1.1
            Domain-Name-Server Option 6, length 4: 8.8.4.4
            BR Option 28, length 4: 10.1.1.255
            Domain-Name Option 15, length 3: "lan"
            Lease-Time Option 51, length 4: 43200
            DHCP-Message Option 53, length 1: ACK
            Server-ID Option 54, length 4: 10.1.1.240
            RN Option 58, length 4: 21600
            RB Option 59, length 4: 37800
            FQDN Option 81, length 22: [SO] 255/255 "DESKTOP-XXXXX.lan"
--------------------- EO PC WORKS - LINKSYS

 

CivicGreg

Hi Joe, we are having the same issue with a 100E and the same UniFi APs as you are using. Did you ever get a solution to this issue?

jhopkins

Either of you find a fix for this issue? We have numerous sites experiencing the same.

Dec
New Contributor

We ran into a similar issue between a FGT 30E and a Ubiquiti AP, directly patched: the AP was getting an IP from DHCP but the clients were not. It turned out that the access point wasn't allowing broadcast from the FortiGate; once the AP allowed broadcast, this fixed our issue.
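
Added example, not posted by anyone in this thread: a Python script that parses the two tcpdump replies from Joe's capture, lists what differs between them, and renders the dotted-decimal bytes of option 224 as ASCII. The broadcast destination of the 30E reply is the detail Dec's reply turns on. The sample text is re-typed from the capture, and the function names are hypothetical.

```python
import re

# Sample input re-typed from the capture in this thread, one field per line.
FGT = '''10.1.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 315, xid 0xa8293d48, secs 768, Flags [Broadcast]
Subnet-Mask Option 1, length 4: 255.255.255.0
Time-Zone Option 2, length 4: -28800
Default-Gateway Option 3, length 4: 10.1.1.1
Domain-Name-Server Option 6, length 8: 10.1.1.10,1.1.1.1
Lease-Time Option 51, length 4: 604800
DHCP-Message Option 53, length 1: Offer
Server-ID Option 54, length 4: 10.1.1.1
RN Option 58, length 4: 302400
RB Option 59, length 4: 529200
T224 Option 224, length 17: 70.71.84.51.48.69.53.54.49.56.48.55.51.50.49.55.0'''
LINKSYS = '''10.1.1.240.67 > 10.1.1.104.68: BOOTP/DHCP, Reply, length 321, xid 0xe149f657, Flags [none]
Subnet-Mask Option 1, length 4: 255.255.255.0
Default-Gateway Option 3, length 4: 10.1.1.1
Domain-Name-Server Option 6, length 4: 8.8.4.4
BR Option 28, length 4: 10.1.1.255
Domain-Name Option 15, length 3: "lan"
Lease-Time Option 51, length 4: 43200
DHCP-Message Option 53, length 1: ACK
Server-ID Option 54, length 4: 10.1.1.240
RN Option 58, length 4: 21600
RB Option 59, length 4: 37800
FQDN Option 81, length 22: [SO] 255/255 "DESKTOP-XXXXX.lan"'''

def parse_reply(text):
    """Return destination IP, broadcast flag and {option code: value} for one reply."""
    head, *rest = text.strip().splitlines()
    dst = re.search(r"> ([\d.]+)\.68:", head).group(1)  # strip the client port (68)
    opts = {}
    for line in rest:
        if m := re.match(r"\s*\S+ Option (\d+), length \d+: (.*)", line):
            opts[int(m.group(1))] = m.group(2)
    return {"dst": dst, "broadcast": "Flags [Broadcast]" in head, "opts": opts}

def decode_private(value):
    """Turn tcpdump's dotted-decimal bytes for an unnamed option into ASCII text."""
    return bytes(int(b) for b in value.split(".")).rstrip(b"\0").decode("ascii", "replace")

def only_in_first(a, b):
    """Option codes present in reply a but absent from reply b."""
    return sorted(set(a["opts"]) - set(b["opts"]))

if __name__ == "__main__":
    fgt, lnk = parse_reply(FGT), parse_reply(LINKSYS)
    print("dst, broadcast:", (fgt["dst"], fgt["broadcast"]), "vs", (lnk["dst"], lnk["broadcast"]))
    print("only 30E:", only_in_first(fgt, lnk), "224 as ASCII:", decode_private(fgt["opts"][224]))
```

Option codes 224-254 are reserved for private (site-specific) use by RFC 3942, which is why tcpdump has no name for option 224 and prints its payload as raw bytes.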
