Configuring FortiGate as a DHCP Server and IP Routing

After completing this document, you will be able to achieve these objectives:

  • Configure networking interfaces
  • Configure FortiGate as a DHCP server
  • Understand IP Routing
  • Static and Dynamic Routing
  • ECMP Load Balancing
  • Lab Exercises for Practical Implementation

You Should Know:

#### **1. Configuring FortiGate as a DHCP Server**

To set up FortiGate as a DHCP server, use the following CLI commands. DHCP server entries are keyed by a numeric ID; the interface the server listens on is bound with `set interface`:

```
config system dhcp server
    edit 1
        set dns-service default
        set default-gateway <gateway_IP>
        set netmask <subnet_mask>
        set interface <interface_name>
        config ip-range
            edit 1
                set start-ip <starting_IP>
                set end-ip <ending_IP>
            next
        end
    next
end
```

#### **2. Static Route Configuration**

To add a static route in FortiGate:

```
config router static
    edit 0
        set dst <destination_network>
        set gateway <gateway_IP>
        set device <interface_name>
    next
end
```

#### **3. ECMP (Equal-Cost Multi-Path Routing) Setup**

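For load balancing across multiple routes, set the ECMP path limit and add one default route per WAN interface with the same distance and priority. Each route needs the next hop of its own link, and `edit 0` creates a new entry with the next free ID, so neither route overwrites the other:

```
config system settings
    set ecmp-max-paths 4
end

config router static
    edit 0
        set dst 0.0.0.0/0
        set gateway <port1_gateway_IP>
        set distance 10
        set priority 10
        set device port1
    next
    edit 0
        set dst 0.0.0.0/0
        set gateway <port2_gateway_IP>
        set distance 10
        set priority 10
        set device port2
    next
end
```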

#### **4. Verifying Routes**

Check the routing table:

```
get router info routing-table all
```

#### **5. Reverse Path Forwarding (RPF) Check**

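Enable RPF to prevent IP spoofing. On FortiOS the per-interface source check is the `src-check` setting, which is enabled by default:

```
config system interface
    edit <interface_name>
        set src-check enable
    next
end
```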
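The following Python sketch is an added example, not FortiOS code or code from the original post. It is a simplified model of how an RPF check decides on a packet in feasible-path (loose) and strict mode, using a constructed routing table: the two ECMP default routes from section 3 plus a hypothetical LAN on `port3`.

```python
import ipaddress

# Constructed sample table (assumption, not from the page):
# (destination, device, administrative distance)
ROUTES = [
    ("0.0.0.0/0", "port1", 10),        # ECMP default route, WAN 1
    ("0.0.0.0/0", "port2", 10),        # ECMP default route, WAN 2
    ("192.168.10.0/24", "port3", 0),   # connected LAN (hypothetical)
]

def routes_to(src, routes=ROUTES):
    """Return (prefix length, distance, device) for every route covering src."""
    ip = ipaddress.ip_address(src)
    matches = []
    for dst, dev, dist in routes:
        net = ipaddress.ip_network(dst)
        if ip in net:
            matches.append((net.prefixlen, dist, dev))
    return matches

def rpf_accepts(src, in_dev, strict=False, routes=ROUTES):
    """Model of the RPF decision for a packet from src arriving on in_dev.

    Loose (feasible path): any route back to src via in_dev is enough.
    Strict: the best route(s) back to src must use in_dev.
    """
    candidates = routes_to(src, routes)
    if not candidates:
        return False  # no route back to the source at all
    if strict:
        best_len = max(c[0] for c in candidates)
        best_dist = min(c[1] for c in candidates if c[0] == best_len)
        # Equal-cost routes all count as "best", so ECMP links stay usable.
        candidates = [c for c in candidates if c[:2] == (best_len, best_dist)]
    return any(dev == in_dev for _, _, dev in candidates)

if __name__ == "__main__":
    cases = [("203.0.113.7", "port2"),    # Internet host on second WAN link
             ("192.168.10.50", "port1"),  # LAN address arriving on a WAN port
             ("203.0.113.7", "port3")]    # Internet address arriving on the LAN
    for src, dev in cases:
        print(src, dev, "loose:", rpf_accepts(src, dev),
              "strict:", rpf_accepts(src, dev, strict=True))
```

In this model, a packet claiming a LAN source address on `port1` passes the loose check because the default route covers every source, and only strict mode drops it. On FortiOS, strict mode is selected with `set strict-src-check enable` under `config system settings`.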

### **What Undercode Say:**

FortiGate provides robust networking features, including DHCP, static/dynamic routing, and ECMP for redundancy and load balancing. Key takeaways:

  • Always verify routes using `get router info routing-table all`.
  • Use ECMP for high availability across multiple WAN links.
  • Enable RPF to enhance security against spoofed traffic.
  • Lab exercises (failover and ECMP) solidify understanding.

**Expected Output:**

  • A functional DHCP server on FortiGate.
  • Verified static and dynamic routing tables.
  • Properly configured ECMP for traffic distribution.
  • Secure RPF-enabled interfaces.

References:

Reported By: Tasirdad Fortigate – Hackers Feeds