DHCP Relay Behavior

Author
Shawn Stevens
2019/09/06 13:24:48

DHCP Relay Behavior

Hi Everyone,
 
Does anyone know how Fortinet behaves when the FW acts as a DHCP relay? I am trying to design a scenario where the clients in the branch need to go through a VPN tunnel to get to the DHCP server in our HQ. We have a route advertised from HQ branch via OSPF to the branch about how to get to the server, and the branch also advertises the route back to HQ. After that, the closest route match in the branch will be the default route, which will go to the internet (where obviously there is no server available, since our server is within a private range in HQ). Our concern is what happens if a client requests a DHCP address when the tunnel is down for any reason. I understand that clients won't be able to get an address, but specifically what happens when the tunnel re-establishes?
 
1. Does the FW maintain the connection from when the tunnel was down, so that the clients will then be matching the same connection, which points towards the default route, when the tunnel is back up? If yes, then this will be an issue. In this case, is there any feature to tell the FW to monitor the server connectivity and not create a connection if the server is not reachable?
 
2. If my understanding is correct, is there any workaround?
 
Any help here is greatly appreciated!
 
SStevens 
 
 
#1
OneOfUs
Re: DHCP Relay Behavior 2019/09/09 04:36:27 (marked helpful by Shawn Stevens, 2019/09/09 17:47:53)
DHCP relay on the FortiGate follows the rules of routing. When the tunnel is down, it would attempt to forward out the default route (as you suspected). Once the tunnel is back up, routing over the VPN would resume and any new DHCP requests would be sent across the tunnel.
#2
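The routing behaviour described in the reply above, modelled as a longest-prefix-match lookup for the DHCP server's address. This is an added example, not part of the original thread and not FortiOS code; the server address, prefixes, interface names and distances are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    out_if: str      # egress interface (names are constructed)
    source: str      # "ospf" or "static"
    distance: int    # administrative distance, lower wins on equal prefix length

def lookup(table, dst):
    """Longest-prefix match; ties broken by lowest distance. None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.prefix.prefixlen, r.distance))

def relay_egress(table, dhcp_server):
    """Interface a relayed DHCP request would leave on, given the current table."""
    route = lookup(table, dhcp_server)
    return route.out_if if route else None

# Constructed branch routing table (all values are assumptions for illustration).
DHCP_SERVER = "10.10.0.5"  # assumed private address of the HQ DHCP server
DEFAULT = Route(ipaddress.ip_network("0.0.0.0/0"), "wan1", "static", 10)
HQ_OSPF = Route(ipaddress.ip_network("10.10.0.0/24"), "vpn-hq", "ospf", 110)

def simulate():
    """Egress for a new request: tunnel up, tunnel down, tunnel back up."""
    results = []
    table = [DEFAULT, HQ_OSPF]
    results.append(relay_egress(table, DHCP_SERVER))  # tunnel up
    table.remove(HQ_OSPF)                             # tunnel down: OSPF route withdrawn
    results.append(relay_egress(table, DHCP_SERVER))
    table.append(HQ_OSPF)                             # tunnel back: route relearned
    results.append(relay_egress(table, DHCP_SERVER))
    return results

if __name__ == "__main__":
    for state, egress in zip(("up", "down", "up again"), simulate()):
        print(f"tunnel {state}: relayed request leaves via {egress}")
```

The middle result is the case the question is concerned with: with the tunnel down, the only route matching the private server address is the default route.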