PXE boot configuration Fortigate help

Discussion in 'General' started by jjacobs, Feb 15, 2012.

  1. jjacobs New Member

    Hi there,

    We have a Fortigate 310b here, configured as DHCP server.
    I tried to configure the DHCP settings but I think it's not working correctly.

    In the DHCP options of the Fortigate I find "Option 1, Option 2, Option 3".
    First of all I tried to enter the 2 important commands: 066 192.168.20.22 and 067 pxelinux.0
    but that gave an error "invalid value".

    I then read somewhere that I had to use a Hexadecimal string. I tried that and fortigate accepted that configuration.

    So I now have entered in the DHCP configuration:
    Option 1: 066 3139322e3136382e32302e3232
    Option 2: 067 7078656c696e75782e30

    But somehow it still won't work. When I try to boot from the network I'm getting a PXE-E32 error.

    Can someone help me to configure my DHCP?

    Tx,
    Johan
  2. Catsrules Member

    I don't know much about converting to hex but a site I tried said it was C0A81416 for a 192.168.20.22 IP address.
    I used this site:
    http://www.kloth.net/services/iplocate.php

    I also tried this site:
    http://www.silisoftware.com/tools/ipconverter.php?convert_from=192.168.20.22
    and it throws a 0x in the front. I don't know what that is about; it has been a long time since I had to convert anything to hex myself :)

    But I used this site:
    http://www.swingnote.com/tools/texttohex.php
    and it gives the hex string you got, so there must be something different about converting strings and converting IP addresses.
  4. PeterDoobes New Member

    You need to set the next-server for the DHCP through the CLI in fortigate.

    From the CLI:

    FORT-310B # config vdom
    FORT-310B (vdom) # edit <vdom name>
    FORT-310B (<vdom name>) # config system dhcp server
    FORT-310B (server) # edit 1 //Replace 1 with the number of the DHCP server id on the fortigate if more than one configured
    FORT-310B (1) # set next-server 192.168.X.X
    FORT-310B (1) # end
  5. jeffpuxx New Member


    I really hope this works. In the past I have tried to get this working with my Fortinet units and have not had any luck. The support people at Fortinet were also not able to help me despite opening multiple tickets.
  6. boon Member

    Any luck?
  7. chrisayala New Member

    Has anybody had any luck with this? I've got the same Fortigate/FOG setup and have been banging my head against it all week.

    Thanks!
  8. jeffpuxx New Member


    Peter -

    How are you setting the filename -- pxelinux.0 ??
  9. jeffpuxx New Member

    Finally Working !!!


    edit 2
    set auto-configuration disable
    set default-gateway 192.168.111.1
    set interface "dmz"
    config ip-range
    edit 1
    set end-ip 192.168.111.250
    set start-ip 192.168.111.100
    next
    end
    set lease-time 1209600
    set netmask 255.255.255.0
    set next-server 192.168.111.7
    set option1 67 '7078656c696e75782e30'
    set dns-server1 8.8.8.8
    set dns-server2 4.2.2.2
    next
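Added example, not part of the thread or of any poster's configuration: a Python sketch of where the values discussed above sit in a DHCP reply. Options 66 and 67 are strings, so their hex is the ASCII form from the first post (not the packed C0A81416 form), while next-server travels in the fixed siaddr header field rather than as a numbered option. The packets are constructed samples, the function names and the client address are made up for illustration, and that the options-only reply leaves siaddr at zero is an assumption.

```python
import ipaddress
import struct

MAGIC = bytes.fromhex("63825363")  # DHCP magic cookie that precedes the options

def opt_hex(text):
    """ASCII bytes as hex: the form the thread enters for options 66 and 67."""
    return text.encode("ascii").hex()

def ip_hex(addr):
    """Packed 4-byte address as hex: what an IP-to-hex converter returns."""
    return ipaddress.IPv4Address(addr).packed.hex()

def build_offer(siaddr, options):
    """Constructed DHCPOFFER: 236-byte BOOTP header, cookie, code/len/value options."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), ipaddress.IPv4Address("192.168.111.100").packed,
                         ipaddress.IPv4Address(siaddr).packed,
                         bytes(4), bytes(16), bytes(64), bytes(128))
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC + body + b"\xff"

def parse_offer(pkt):
    """Return (next-server from the siaddr header field, {option code: value})."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                        # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return str(ipaddress.IPv4Address(pkt[20:24])), opts

# Reply modelled on the first post: options 66 and 67 only, siaddr left at zero (assumed).
options_only = build_offer("0.0.0.0", [(66, bytes.fromhex(opt_hex("192.168.20.22"))),
                                       (67, bytes.fromhex(opt_hex("pxelinux.0")))])
# Reply modelled on the working config: next-server in siaddr plus option 67.
with_next_server = build_offer("192.168.111.7",
                               [(67, bytes.fromhex("7078656c696e75782e30"))])

if __name__ == "__main__":
    for name, pkt in (("options only", options_only), ("next-server", with_next_server)):
        siaddr, opts = parse_offer(pkt)
        print(name, siaddr, {c: v.decode("ascii") for c, v in opts.items()})
```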
  10. Tecno New Member

    Hi,

    Sorry, but I have the same problem, but... in the CLI commands there isn't a "set next-server" in the DHCP settings:
    config system dhcp server
    edit <server_index_int>
    set auto-configuration {enable | disable}
    set conflicted-ip-timeout <timeout_int>
    set default-gateway <address_ipv4>
    set dns-service {default | specify}
    set domain <domain_name_str>
    set enable {enable | disable}
    set interface <interface_name>
    set lease-time <seconds>
    set netmask <mask>
    set option1 <option_code> [<option_hex>]
    set option2 <option_code> [<option_hex>]
    set option3 <option_code> [<option_hex>]
    set server-type {ipsec | regular}
    set start-ip <address_ipv4>
    set wins-server1 <wins_ipv4>
    set wins-server2 <wins_ipv4>
    set wins-server3 <wins_ipv4>
    set dns-server1 <address_ipv4>
    set dns-server2 <address_ipv4>
    set dns-server3 <address_ipv4>
    set ip-mode {range | usrgrp}
    set ipsec-lease-hold <release_seconds>
    set vci-match {enable | disable}
    set vci-string <string>
    config exclude-range
    edit <excl_range_int>
    set end-ip <end_ipv4>
    set start-ip <start_ipv4>
    config ip-range
    edit <ip_range_int>
    set end-ip <end_ipv4>
    set start-ip <start_ipv4>
    config reserved-address
    edit <id_int>
    set ip <ipv4_addr>
    set mac <mac_addr>
    end
    end

    ...and then?

    Thanks
  11. chad-bisd Community Manager

    Check your device manual to see if it supports that option. You might also have a firmware update available that adds or fixes that option. If you just can't get it to work, consider installing FOG in proxyDHCP mode so that it intercepts pxe boot requests and gives the next server and filename info but lets your existing DHCP server still hand out IP addresses.
  12. jeffpuxx New Member

    What firmware version are you running ?

    You need to upgrade your firmware.

    The "set next-server" option was added to the DHCP configuration options with a firmware release but I am not sure which one.
  13. Mantvydas New Member

    After a couple of years of struggling with the very same problem, I have finally found a solution without a next-server, if such an option simply doesn't exist in the Fortigate.
    Yes, you need the 66 and 67 options in the Fortigate in hex format, that's alright.
    What helped me was to set two Virtual IPs:
    1. For both Virtual IPs you choose the external interface as your client subnet, the external IP as your gateway, the mapped IP is your PXE server IP, and the external service port in the first VIP is 69, and 4011 in the second.
    2. You create two Firewall policies for machines to go freely to those Virtual IPs you just created.
  14. SomeOne New Member

    Hi Mantvydas,
    Would you mind posting your fortigate config ?

    Thanks!
