Monthly Archives: November 2013

Fortigate DHCP server VIA CLI and adding DHCP Options

Fortinet does a great job with almost every aspect of the Fortigate device. There are a few hidden but very important options that you cannot configure in the Fortinet GUI. One is DHCP options, for voice, wireless, etc. Below are the steps to set up a DHCP scope in the CLI and add options. Another option is to configure the scope through the GUI and then modify the scope through the CLI to add the options.

Within the GUI in FortiOS5, the DHCP config is in the network interface. This is a great place to have it. In the CLI, the option to configure it is

config sys dhcp server

[Image in the original post: all commands needed in the CLI]

Once you edit the DHCP scope (config sys dhcp server, then edit the scope ID), you can add the following commands:

[Image in the original post]

So, let's add option 46. This could be used with Ruckus wireless to push AP broadcasts to the ZoneDirector.

To set the option, for example here to an IP address, you have to convert the value to hex.

I used this: http://www.kloth.net/services/iplocate.php

After setting this command, my APs hooked up to my ZD.

So to recap, with DHCP and FortiOS5 you can create the DHCP scope totally in CLI, or it works great in the GUI. You can configure this under network – interface. If you need to add options such as WINS, NTP, or other options it might be best to configure these through CLI.

Ad-Hoc network with Chromecast and Windows 8.

I love the Chromecast device. It works great, and for the price, WOW!

I travel pretty often and most hotel wireless networks require signing in. Not to mention I usually have horrible signal strength. So to remedy this I created an Ad-Hoc wireless network from my Windows 8 laptop, and configured the Chromecast on this network. Everything works perfectly.

What I had to do:

Create the Ad Hoc network within Windows 8:

The command is as follows: netsh wlan set hostednetwork mode=allow ssid=jc-wifi key=password

jc-wifi is my ad hoc SSID

Next I had to start the network:

[Image in the original post: network-start]

Next I just connected to the Chromecast and configured my settings. Everything worked, except the Chromecast kept saying “Connected but no internet”. This actually stopped the Chromecast from being cast to.

I had to go in and enable Internet Connection Sharing on the virtual adapter, and make sure it was set to use DHCP (for some reason it set a static IP).

[Image in the original post: wifi-proper]

I then selected the correct connection (ad hoc) to share with. And everything worked great!

Enabling sFlow in Fortigate Firewalls

sFlow uses sampling to send real-time monitoring updates to your favorite sFlow analyzer. Fortinet supports sFlow, but as of now it can only be configured in the CLI.

To configure sFlow for FortiGate:

The following commands configure a FortiGate appliance to sample packets at 1-in-512, poll counters every 30 seconds and send counters to an analyzer which in my network is PRTG. PRTG is free for 10 sensors, and the sFlow sensor counts as just one of them :). sFlow uses UDP and by default uses port 6343, which you can change to anything you would like.

config system sflow
set collector-ip 10.10.10.200
set collector-port 6343
end
Remember, changes don’t take effect until the end command is entered.

Then for each interface:

config sys interface
edit port1
set sflow-sampler enable
set sample-rate 512
set sample-direction both
set polling-interval 30
next
end

In PRTG, set up the sFlow sensor and make sure to set the port; you should start seeing some really good statistics come in. A tip with PRTG is to create a new sFlow sensor with a different port for each device sending flows.
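To check that the collector is receiving what the configuration above describes, the UDP payload itself can be decoded. The following is an added example, not code from the original post: a small Python parser for the sFlow version 5 datagram header and sample tags, run on a constructed datagram. The agent address 10.10.10.1 and the function names are assumptions made for the illustration.

```python
import socket
import struct

# sFlow v5, enterprise 0: formats 1/3 are flow samples, 2/4 are counter samples.
# Value = byte offset of sampling_rate inside the (expanded) flow sample body.
FLOW_RATE_OFFSET = {1: 8, 3: 12}
COUNTER_FORMATS = {2, 4}

def summarize_datagram(data: bytes) -> dict:
    """Decode one sFlow v5 datagram header and tally its samples."""
    version, addr_type = struct.unpack_from("!II", data, 0)
    if version != 5:
        raise ValueError(f"not sFlow v5 (version={version})")
    if addr_type not in (1, 2):                      # 1 = IPv4 agent, 2 = IPv6 agent
        raise ValueError(f"unknown agent address type {addr_type}")
    addr_len, family = (4, socket.AF_INET) if addr_type == 1 else (16, socket.AF_INET6)
    agent = socket.inet_ntop(family, data[8:8 + addr_len])
    off = 8 + addr_len
    _sub_agent, seq, _uptime_ms, count = struct.unpack_from("!IIII", data, off)
    off += 16
    out = {"agent": agent, "sequence": seq, "flow": 0, "counter": 0, "rates": set()}
    for _ in range(count):
        tag, length = struct.unpack_from("!II", data, off)
        off += 8
        if off + length > len(data):
            raise ValueError("sample runs past end of datagram")
        enterprise, fmt = tag >> 12, tag & 0xFFF
        if enterprise == 0 and fmt in FLOW_RATE_OFFSET:
            out["flow"] += 1
            out["rates"].add(struct.unpack_from("!I", data, off + FLOW_RATE_OFFSET[fmt])[0])
        elif enterprise == 0 and fmt in COUNTER_FORMATS:
            out["counter"] += 1
        off += length
    return out

def build_sample_datagram() -> bytes:
    """Constructed test input: one flow sample (rate 512) and one counter sample."""
    # seq, source_id, sampling_rate, sample_pool, drops, input, output, n_records
    flow = struct.pack("!8I", 1, 1, 512, 51200, 0, 1, 2, 0)
    counter = struct.pack("!3I", 1, 1, 0)            # seq, source_id, n_records
    header = struct.pack("!II4s4I", 5, 1, socket.inet_aton("10.10.10.1"), 0, 42, 60000, 2)
    return (header + struct.pack("!II", 1, len(flow)) + flow
            + struct.pack("!II", 2, len(counter)) + counter)

if __name__ == "__main__":
    print(summarize_datagram(build_sample_datagram()))
```

Feed it the payload of each UDP packet received on the collector port. sFlow datagrams carry no authentication, so a sampling rate other than the configured 512 or an unexpected agent address is worth investigating.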

Hello

Hello world