Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




129 posts

Master Geek


# 259729 17-Oct-2019 22:27
Send private message

The Orcon-provided router works just fine. Trying to use a FG-60E instead. :)

 

I've just switched across to Orcon from My Republic, and my DHCP issues with my Fortigate 60E appear to have followed along. It does not appear to get a DHCP lease. With My Republic, it never even saw a DHCP offer. Under Orcon, I'm seeing the offer, and sending the request back, but never getting the acknowledgement.

 

The issue originally began randomly about three weeks ago with My Republic, and their first level guys said they'd had another fortigate user with the same issue recently.

 

The Fortigate happily gets a DHCP lease from LAN-based sources, but very definitely hates anything coming out of the ONT - it had been running fine for months. Any ideas/other people in the same boat? Packet capture attached.


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
239 posts

Master Geek


  # 2339987 18-Oct-2019 08:31
Send private message

VLAN tagging?

 

I can't see the packet capture attached.

 

Cheers


21748 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2339988 18-Oct-2019 08:33
Send private message

I have just put a 60E in my own environment which is Orcon gigabit fibre and I had a 30e for the past couple of weeks, and no issues with dhcp, since installing the FG's I have had slow arp updates across all my devices for a reason not apparent. 

 

 

 

What firmware version? I am on 6.x I had 6.2 on the 30e but this 60E is 6.0 something I think. Neither had any issues getting IP from Orcon, though mine is static.

 

You have your WAN plugged in and a new virtual interface with a VLAN 10 set?

 

 


 
 
 
 


1 post

Wannabe Geek


# 2340129 18-Oct-2019 12:13
Send private message

I’ve had this exact problem with several juniper SRX series firewalls. I’ve had them working, then after a power outage I send countless DHCP requests but never receive an offer. Plug a Mac or PC in and you get a DHCP lease no problem, then all of a sudden after a week or two you plug in the SRX and it magically works. I’ve tried this with older SRX110s and SRX220s running legacy code, and my modern SRX300 with recommended releases - same result every time. Something appears to be going on with MyRepublics BNG/DHCP server. Unfortunately their technical support for this kind of issue is pretty bad, I’ve tried to provide packet dumps and get a engineer on the phone but no luck.



129 posts

Master Geek


  # 2340139 18-Oct-2019 12:38
Send private message

With more link!

https://drive.google.com/a/kablooey.co.nz/file/d/1-9fBsNNz9znFHgkDRgiYkn85eXjYozUF/view?usp=drivesdk



129 posts

Master Geek


  # 2340140 18-Oct-2019 12:51
Send private message

Yeah. I literally had an email from my Republics engineer asking for packet caps the day Orcon. Hopefully Orcon are more helpful. It's definitely a weird one though.

2404 posts

Uber Geek

Trusted

  # 2340147 18-Oct-2019 13:45
Send private message

It may be the Fortigate is sending a 802.1p COS or something which the UFB network is dropping.. I have requested access of the file but what is 801.p value being sent out...?

 

 


I fix stuff!
1791 posts

Uber Geek

Trusted
Vocus
Subscriber

  # 2340148 18-Oct-2019 13:54
Send private message

Josh? :-) Long time if it is :-)

 

PM me your details and I can look at the logs for you.


 
 
 
 




129 posts

Master Geek


  # 2340359 18-Oct-2019 19:56
Send private message

Sup!

 

Lennon - Access is fixed, sorry about that. :)

 

Will provide customer details shortly.


2404 posts

Uber Geek

Trusted

  # 2340363 18-Oct-2019 20:07
Send private message

Having a quick look .. it seems a standard DHCP request/offer but after the offer the fortinet is ignoring/not accepting the offer. 

 

Maybe turn on logging/updating to latest version/check bugs on existing firmware version. Apart from that I really can't help.

 

 


21748 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2340364 18-Oct-2019 20:14
Send private message

So to confirm, the capture has been sent to Fortinet for analysis with a support ticket? As a new partner I am keen to see how they resolve this. 

 

 


I fix stuff!
1791 posts

Uber Geek

Trusted
Vocus
Subscriber

  # 2340366 18-Oct-2019 20:26
Send private message

Looking at the pcap file, the DHCP packet is not being framed with 802.1q.

 

We expect the dhcp packet to be tagged with vlan 10.

 

 

 

 


21748 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2340372 18-Oct-2019 20:35
Send private message

Sounddude:

 

Looking at the pcap file, the DHCP packet is not being framed with 802.1q.

 

We expect the dhcp packet to be tagged with vlan 10.

 

 

 

 

 

 

 

 

OP are you sure you have a virtual interface added to your WAN Interface?

 

 

 

 

 

As a reference. 

 

I assume you have, but just in case....


2404 posts

Uber Geek

Trusted

  # 2340381 18-Oct-2019 21:08
Send private message

The dump may be done on VLAN 10, not on the raw interface so you might not see the VLAN tag.

 

This may help with  debugging if it works on your fortinet.

 

https://kb.fortinet.com/kb/documentLink.do?externalID=FD30879

 

 

 

 




129 posts

Master Geek


  # 2341177 21-Oct-2019 08:35
Send private message

Sounddude:

 

Looking at the pcap file, the DHCP packet is not being framed with 802.1q.

 

We expect the dhcp packet to be tagged with vlan 10.

 

 

 

 

 

 

Was certainly meant to be. Will double-check tonight and post config.




129 posts

Master Geek


  # 2341179 21-Oct-2019 08:39
Send private message

networkn:

 

So to confirm, the capture has been sent to Fortinet for analysis with a support ticket? As a new partner I am keen to see how they resolve this. 

 

 

 

 

Yeah, we're in the same boat. I used some of my training budget to buy one for home via NFR. Going to see how we go with logging the ticket today (Last week was Kawaiicon).


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Switch your broadband provider now - compare prices


Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43


Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06


Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54


AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42


AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32


Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09


Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32


Vodafone 5G service live in four cities
Posted 10-Dec-2019 08:30


Samsung Galaxy Fold now available in New Zealand
Posted 6-Dec-2019 00:01


NZ company oDocs awarded US$ 100,000 Dubai World Expo grant
Posted 5-Dec-2019 16:00


New Zealand Rugby Selects AWS-Powered Analytics for Deeper Game Insights
Posted 5-Dec-2019 11:33



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.