Administration Guide

Common DHCP options

All FortiGate models come with predefined DHCP options. These DHCP options are widely used and required in most scenarios. The following DHCP options can be set straight from the DHCP server section of the Edit Interface dialog:

Option Code   Option Name            Purpose
*1            Netmask                Assign subnet mask to the DHCP client.
*3            Default Gateway        Assign default gateway to the DHCP client.
6             DNS server             Assign DNS server to the DHCP client.
42            NTP server             Assign NTP server to the DHCP client.
*51           Lease time             Lease time for the DHCP client.
138           Wireless controllers   Assign CAPWAP Access Controller addresses to the DHCP client.
150           TFTP server(s)         Assign TFTP server to the DHCP client.

Parameters marked with an asterisk (*) are mandatory and must be filled in.

Configuring the lease time

This configuration implements DHCP option code 51. The global lease time (measured in seconds, 300 - 864000) determines the length of time an IP address remains assigned to a client. Once the lease expires, the address is released for allocation to the next client that requests an IP address.

To configure the global lease time:
config system dhcp server
    edit <id>
        set interface <interface>
        set netmask <netmask>
        set lease-time <integer>
    next
end

The default lease time is seven days (604800 seconds). To have an unlimited lease time, set the value to zero.

The lease time can also be configured in the GUI in the Lease time field within the DHCP server section of the Edit Interface dialog.

Configuring the lease time for IP ranges

The lease time can also be configured for an IP range. Measured in seconds, the range is similar to the global lease time (300 - 864000), but the default value is zero (0). If the default (0) is used for an IP range, the global DHCP server lease time value applies to that range.

To configure the lease time for an IP range:
config system dhcp server
    edit <id>
        config ip-range
            edit <id>
                set lease-time <integer>
            next
        end
    next
end

This setting can only be configured in the CLI.
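The inheritance rule above (a per-range value of 0 falls back to the global lease time, and a global value of 0 means unlimited) can be checked offline against a saved configuration. The following is an added example, not Fortinet code; the function names and the sample configuration are constructed for illustration.

```python
GLOBAL_DEFAULT = 604800  # default global lease time (seven days)
# Constructed sample config, not taken from a real device.
SAMPLE = """\
config system dhcp server
    edit 1
        set lease-time 86400
        config ip-range
            edit 1
                set lease-time 3600
            next
            edit 2
            next
        end
    next
    edit 2
        set lease-time 0
        config ip-range
            edit 1
            next
        end
    next
end
"""

def parse_dhcp_servers(text):
    # Track config/edit nesting so each lease-time lands on the right object.
    servers, stack = {}, []
    for line in text.splitlines():
        words = line.split() or [""]
        if words[0] in ("config", "edit"):
            stack.append(" ".join(words[1:]))
        elif words[0] in ("next", "end") and stack:
            stack.pop()
        if len(stack) < 2 or stack[0] != "system dhcp server":
            continue
        srv = servers.setdefault(stack[1], {"lease": GLOBAL_DEFAULT, "ranges": {}})
        in_range = len(stack) == 4 and stack[2] == "ip-range"
        if in_range:
            srv["ranges"].setdefault(stack[3], 0)  # per-range default is 0
        if words[:2] == ["set", "lease-time"] and in_range:
            srv["ranges"][stack[3]] = int(words[2])
        elif words[:2] == ["set", "lease-time"] and len(stack) == 2:
            srv["lease"] = int(words[2])
    return servers

def effective_leases(servers):
    # A range value of 0 inherits the global value; a result of 0 is unlimited.
    return {(sid, rid): lease or srv["lease"] for sid, srv in servers.items()
            for rid, lease in srv["ranges"].items()}
```

Any entry in the result with a value of 0 is a range whose addresses are never reclaimed by expiry, which is worth reviewing on networks with a small pool or transient clients.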

Breaking an address lease

If you need to end an IP address lease, you can break the lease. This is useful when addresses are limited and lease times are long, but some leases are no longer necessary, for example, leases issued to corporate visitors.

To break a lease:
# execute dhcp lease-clear <ip_address>

To break a lease for all IP addresses for the DHCP servers in the current VDOM:
# execute dhcp lease-clear all

Configuring NTP servers

This configuration implements DHCP option code 42. Clients can use an NTP server to synchronize their time, which is very important because many features, including scheduling, logging, and SSL-dependent features, only work when the FortiOS system time is accurate. This option specifies a list of the NTP servers available to the client by IP address.

To configure NTP servers:
config system dhcp server 
    edit 2
        set ntp-service {local | default | specify}
        set ntp-server1 <class_ip>
        set ntp-server2 <class_ip>
        set ntp-server3 <class_ip>
    next
end

NTP servers can also be configured in the GUI in the NTP server field within the DHCP server > Advanced section of the Edit Interface dialog.

ntp-service {local | default | specify}

Set the option for assigning NTP servers to DHCP clients:

  • local: the IP address of the interface that the DHCP server is added to becomes the client's NTP server IP address.

  • default: clients are assigned the FortiGate's configured NTP servers.

  • specify: specify up to three NTP servers in the DHCP server configuration.

Configuring TFTP servers

This configuration implements DHCP option code 150. TFTP servers are used by VoIP phones to obtain the VoIP configuration. You can configure multiple TFTP servers for a DHCP server. For example, you may want to configure a main TFTP server and a backup TFTP server.

The tftp-server command allows you to configure the TFTP servers, using either their hostnames or IP addresses. Separate multiple server entries with spaces.

To configure TFTP servers:
config system dhcp server
    edit <id>
        set interface <interface>
        set netmask <netmask>
        set tftp-server <hostname/IP address> <hostname/IP address>
    next
end

TFTP servers can also be configured in the GUI in the TFTP server(s) field within the DHCP server > Advanced section of the Edit Interface dialog.
