Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    6.2.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    DHCP Relay Agent Information Option

    DHCP Relay Agent Information Option

    This feature adds DHCP option 82 (DHCP relay information option). It can help protect the FortiGate against attacks such as spoofing (or forging) of IP and MAC addresses, and DHCP IP address starvation.

    The following CLI variables are added to or modified in the config system dhcp server > config reserved-address command:

    circuit-id-type {hex | string}

    DHCP option type, hex or string (default).

    circuit-id <value>

    Option 82 circuit ID of the client that will get the reserved IP address.

    Format: vlan-mod-port

    • vlan: VLAN ID (2 bytes)
    • mod: 1 = snoop, 0 = relay (1 byte)
    • port: port number (1 byte)

    remote-id-type {hex | string}

    DHCP option type, hex or string (default).

    remote-id <value>

    Option 82 remote ID of the client that will get the reserved IP address.

    Format: the MAC address of the client.

    type {mac | option82}

    The DHCP reserved-address type, either mac (default) or option82 (newly added).

    To create an IP address assignment rule using option 82 in the GUI:
    1. On the FortiGate, go to Network > Interfaces.
    2. Edit and existing port, or create a new one.
    3. Ensure that the Role is either LAN or Undefined.
    4. Enable DHCP Server.
    5. Configure address ranges and other settings as needed.

    6. In the IP Address Assignment Rules table, click Create New. The Create New IP Address Assignment Rule pane opens.
    7. For the Type, select DHCP Relay Agent.

    8. Enter the Circuit ID, Remote ID, and the IP address that will be reserved.
    9. Click OK to create the rule.
    To create an IP address assignment rule using option 82 with the CLI:
    config system dhcp server
    edit 1
        set netmask 255.255.255.0
        set interface "port4"
        config ip-range
            edit 1
                set start-ip 100.100.100.1
                set end-ip 100.100.100.99
            next
            edit 2
                set start-ip 100.100.100.101
                set end-ip 100.100.100.254
            next
        end
        config reserved-address
            edit 1
                set type option82
                set ip 100.100.100.12
                set circuit-id-type hex
                set circuit-id "00010102"
                set remote-id-type hex
                set remote-id "704ca5e477d6"
            next
        end
    next
end
    Previous
    Next

    DHCP Relay Agent Information Option

    DHCP Relay Agent Information Option

    This feature adds DHCP option 82 (DHCP relay information option). It can help protect the FortiGate against attacks such as spoofing (or forging) of IP and MAC addresses, and DHCP IP address starvation.

    The following CLI variables are added to or modified in the config system dhcp server > config reserved-address command:

    circuit-id-type {hex | string}

    DHCP option type, hex or string (default).

    circuit-id <value>

    Option 82 circuit ID of the client that will get the reserved IP address.

    Format: vlan-mod-port

    • vlan: VLAN ID (2 bytes)
    • mod: 1 = snoop, 0 = relay (1 byte)
    • port: port number (1 byte)

    remote-id-type {hex | string}

    DHCP option type, hex or string (default).

    remote-id <value>

    Option 82 remote ID of the client that will get the reserved IP address.

    Format: the MAC address of the client.

    type {mac | option82}

    The DHCP reserved-address type, either mac (default) or option82 (newly added).

    To create an IP address assignment rule using option 82 in the GUI:
    1. On the FortiGate, go to Network > Interfaces.
    2. Edit and existing port, or create a new one.
    3. Ensure that the Role is either LAN or Undefined.
    4. Enable DHCP Server.
    5. Configure address ranges and other settings as needed.

    6. In the IP Address Assignment Rules table, click Create New. The Create New IP Address Assignment Rule pane opens.
    7. For the Type, select DHCP Relay Agent.

    8. Enter the Circuit ID, Remote ID, and the IP address that will be reserved.
    9. Click OK to create the rule.
    To create an IP address assignment rule using option 82 with the CLI:
    config system dhcp server
    edit 1
        set netmask 255.255.255.0
        set interface "port4"
        config ip-range
            edit 1
                set start-ip 100.100.100.1
                set end-ip 100.100.100.99
            next
            edit 2
                set start-ip 100.100.100.101
                set end-ip 100.100.100.254
            next
        end
        config reserved-address
            edit 1
                set type option82
                set ip 100.100.100.12
                set circuit-id-type hex
                set circuit-id "00010102"
                set remote-id-type hex
                set remote-id "704ca5e477d6"
            next
        end
    next
end
    Previous
    Next