Configuring FortiGate As A DHCP Server And IP Routing

After completing this document, you will be able to achieve these objectives:
– Configure networking interfaces
– Configure FortiGate as a DHCP server
– Understand IP Routing, Static Routes, and ECMP (Equal-Cost Multi-Path Routing)

You Should Know:

1. Configuring FortiGate as a DHCP Server

To set up FortiGate as a DHCP server, use the following CLI commands:

config system dhcp server 
edit <interface_name> 
set dns-service default 
set default-gateway <gateway_IP> 
set netmask <subnet_mask> 
set interface <interface_name> 
config ip-range 
edit 1 
set start-ip <start_IP> 
set end-ip <end_IP> 
next 
end 
next 
end

Verify DHCP leases:

get system dhcp lease

#### 2. Static Routing Configuration

Add a static route via CLI:

config router static 
edit 0 
set dst <destination_network> 
set gateway <next_hop_IP> 
set device <interface_name> 
next 
end

Check routing table:

get router info routing-table all

#### 3. ECMP (Equal-Cost Multi-Path Routing)

Configure ECMP for load balancing:

config system settings 
set ecmp-max-paths 4 
end

config router static 
edit 0 
set dst 0.0.0.0/0 
set distance 10 
set priority 1 
set device port1 
next 
edit 1 
set dst 0.0.0.0/0 
set distance 10 
set priority 1 
set device port2 
next 
end

Verify ECMP routes:

get router info kernel

#### 4. Reverse Path Forwarding (RPF) Check

Enable RPF to prevent IP spoofing:

config system interface 
edit <interface_name> 
set rpf enable 
next 
end

#### 5. LAB 1: Route Failover Configuration

config router static 
edit 0 
set dst <destination_network> 
set gateway <primary_gateway> 
set priority 10 
set device port1 
next 
edit 1 
set dst <destination_network> 
set gateway <backup_gateway> 
set priority 20 
set device port2 
next 
end

#### 6. LAB 2: ECMP Load Balancing

config system sdwan 
set status enable 
config members 
edit 1 
set interface port1 
next 
edit 2 
set interface port2 
next 
end 
config health-check 
edit "ping-check" 
set server "8.8.8.8" 
set members 1 2 
next 
end 
end

### What Undercode Say:

FortiGate’s advanced routing capabilities, including DHCP, static routes, and ECMP, enhance network reliability and performance. Key takeaways:
– Use `get router info routing-table all` to troubleshoot routing issues.
– ECMP improves bandwidth utilization via multiple paths.
– RPF checks mitigate DDoS and IP spoofing risks.
– SD-WAN integrates seamlessly with ECMP for dynamic traffic management.

### Expected Output:

DHCP Server Status: Active 
Static Routes: Configured 
ECMP Paths: 4 Active 
RPF Check: Enabled

For further reading, refer to Fortinet’s official documentation:

FortiGate DHCP Configuration
ECMP Best Practices

References:

Reported By: Ahmed Ali – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram

Listen to this Post

You Should Know:

1. Configuring FortiGate as a DHCP Server

Verify DHCP leases:

#### **2. Static Routing Configuration**

Add a static route via CLI:

Check routing table:

#### **3. ECMP (Equal-Cost Multi-Path Routing)**

Configure ECMP for load balancing:

Verify ECMP routes:

#### **4. Reverse Path Forwarding (RPF) Check**

Enable RPF to prevent IP spoofing:

#### **5. LAB 1: Route Failover Configuration**

#### **6. LAB 2: ECMP Load Balancing**

### **What Undercode Say:**

### **Expected Output:**