



130 posts

Master Geek


#259729 17-Oct-2019 22:27

The Orcon-provided router works just fine. Trying to use a FG-60E instead. :)

 

I've just switched across to Orcon from My Republic, and my DHCP issues with my Fortigate 60E appear to have followed along. It does not appear to get a DHCP lease. With My Republic, it never even saw a DHCP offer. Under Orcon, I'm seeing the offer, and sending the request back, but never getting the acknowledgement.

 

The issue originally began randomly about three weeks ago with My Republic, and their first level guys said they'd had another Fortigate user with the same issue recently.

 

The Fortigate happily gets a DHCP lease from LAN-based sources, but very definitely hates anything coming out of the ONT - it had been running fine for months. Any ideas/other people in the same boat? Packet capture attached.


239 posts

Master Geek


  #2339987 18-Oct-2019 08:31

VLAN tagging?

 

I can't see the packet capture attached.

 

Cheers


21941 posts

Uber Geek

Trusted
Lifetime subscriber

  #2339988 18-Oct-2019 08:33

I have just put a 60E in my own environment, which is Orcon gigabit fibre, and I had a 30E for the past couple of weeks, with no issues with DHCP. Since installing the FGs I have had slow ARP updates across all my devices for a reason not apparent.

 

 

 

What firmware version? I am on 6.x. I had 6.2 on the 30E, but this 60E is 6.0 something I think. Neither had any issues getting an IP from Orcon, though mine is static.

 

You have your WAN plugged in and a new virtual interface with a VLAN 10 set?

 

 


 
 
 
 


1 post

Wannabe Geek


#2340129 18-Oct-2019 12:13

I’ve had this exact problem with several Juniper SRX series firewalls. I’ve had them working, then after a power outage I send countless DHCP requests but never receive an offer. Plug a Mac or PC in and you get a DHCP lease no problem, then all of a sudden after a week or two you plug in the SRX and it magically works. I’ve tried this with older SRX110s and SRX220s running legacy code, and my modern SRX300 with recommended releases - same result every time. Something appears to be going on with MyRepublic’s BNG/DHCP server. Unfortunately their technical support for this kind of issue is pretty bad; I’ve tried to provide packet dumps and get an engineer on the phone but no luck.



130 posts

Master Geek


  #2340139 18-Oct-2019 12:38

With more link!

https://drive.google.com/a/kablooey.co.nz/file/d/1-9fBsNNz9znFHgkDRgiYkn85eXjYozUF/view?usp=drivesdk



130 posts

Master Geek


  #2340140 18-Oct-2019 12:51

Yeah. I literally had an email from My Republic's engineer asking for packet caps the day Orcon. Hopefully Orcon are more helpful. It's definitely a weird one though.

2409 posts

Uber Geek

Trusted

  #2340147 18-Oct-2019 13:45

It may be the Fortigate is sending an 802.1p COS or something which the UFB network is dropping. I have requested access to the file, but what is the 802.1p value being sent out?

 

 


I fix stuff!
1796 posts

Uber Geek

Trusted
Vocus
Subscriber

  #2340148 18-Oct-2019 13:54

Josh? :-) Long time if it is :-)

 

PM me your details and I can look at the logs for you.


 
 
 
 




130 posts

Master Geek


  #2340359 18-Oct-2019 19:56

Sup!

 

Lennon - Access is fixed, sorry about that. :)

 

Will provide customer details shortly.


2409 posts

Uber Geek

Trusted

  #2340363 18-Oct-2019 20:07

Having a quick look... it seems a standard DHCP request/offer, but after the offer the Fortinet is ignoring/not accepting the offer.

 

Maybe turn on logging/updating to latest version/check bugs on existing firmware version. Apart from that I really can't help.

 

 


21941 posts

Uber Geek

Trusted
Lifetime subscriber

  #2340364 18-Oct-2019 20:14

So to confirm, the capture has been sent to Fortinet for analysis with a support ticket? As a new partner I am keen to see how they resolve this. 

 

 


I fix stuff!
1796 posts

Uber Geek

Trusted
Vocus
Subscriber

  #2340366 18-Oct-2019 20:26

Looking at the pcap file, the DHCP packet is not being framed with 802.1q.

 

We expect the dhcp packet to be tagged with vlan 10.

 

 

 

 


21941 posts

Uber Geek

Trusted
Lifetime subscriber

  #2340372 18-Oct-2019 20:35

Sounddude:

 

Looking at the pcap file, the DHCP packet is not being framed with 802.1q.

 

We expect the dhcp packet to be tagged with vlan 10.

 

 

 

 

 

 

 

 

OP are you sure you have a virtual interface added to your WAN Interface?

 

 

 

 

 

As a reference. 

 

I assume you have, but just in case....


2409 posts

Uber Geek

Trusted

  #2340381 18-Oct-2019 21:08

The dump may be done on VLAN 10, not on the raw interface so you might not see the VLAN tag.

 

This may help with debugging if it works on your Fortinet.

 

https://kb.fortinet.com/kb/documentLink.do?externalID=FD30879
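
Added example (not posted by anyone in this thread): one way to check a raw Ethernet frame from a capture for the two things raised above, whether the DHCP packet carries an 802.1Q tag with VLAN 10 and which 802.1p priority it is sent with. The function names are hypothetical and the sample frames are constructed (IP/UDP checksums left at zero and not validated).

```python
import struct

DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def inspect_frame(frame: bytes, expected_vid: int = 10):
    """Return tagging and DHCP details for one raw Ethernet frame, or None if not DHCP."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    off, vid, pcp = 14, None, None
    if ethertype == 0x8100:                       # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vid, off = tci >> 13, tci & 0x0FFF, 18   # 802.1p priority, VLAN ID
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None                               # not IPv4
    ihl = (frame[off] & 0x0F) * 4
    if frame[off + 9] != 17:                      # not UDP
        return None
    udp = off + ihl
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    if {sport, dport} != {67, 68}:                # not DHCP client/server ports
        return None
    opts = udp + 8 + 236                          # UDP header + fixed BOOTP fields
    if frame[opts:opts + 4] != b"\x63\x82\x53\x63":   # DHCP magic cookie
        return None
    i, msg = opts + 4, None
    while i + 1 < len(frame) and frame[i] != 255:     # walk options until End
        if frame[i] == 0:                         # Pad option has no length byte
            i += 1
            continue
        code, length = frame[i], frame[i + 1]
        if code == 53 and length == 1 and i + 2 < len(frame):
            msg = DHCP_TYPES.get(frame[i + 2], str(frame[i + 2]))
        i += 2 + length
    return {"dhcp": msg, "vid": vid, "pcp": pcp, "tag_ok": vid == expected_vid}

def build_discover(vid=None, pcp=0):
    """Constructed sample: minimal DHCP DISCOVER frame, optionally 802.1Q tagged."""
    eth = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vid is not None:
        eth += struct.pack("!HH", 0x8100, (pcp << 13) | vid)
    eth += struct.pack("!H", 0x0800)
    bootp = bytes([1, 1, 6, 0]) + bytes(232) + b"\x63\x82\x53\x63" + bytes([53, 1, 1, 255])
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return eth + ip + udp
```

A result with `vid` of `None` only shows the tag is missing on the wire if the capture was taken on the raw interface; as the reply above notes, a dump done on VLAN 10 itself may not show the tag.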

 

 

 

 




130 posts

Master Geek


  #2341177 21-Oct-2019 08:35

Sounddude:

 

Looking at the pcap file, the DHCP packet is not being framed with 802.1q.

 

We expect the dhcp packet to be tagged with vlan 10.

 

 

 

 

 

 

Was certainly meant to be. Will double-check tonight and post config.




130 posts

Master Geek


  #2341179 21-Oct-2019 08:39

networkn:

 

So to confirm, the capture has been sent to Fortinet for analysis with a support ticket? As a new partner I am keen to see how they resolve this. 

 

 

 

 

Yeah, we're in the same boat. I used some of my training budget to buy one for home via NFR. Going to see how we go with logging the ticket today (Last week was Kawaiicon).

