Solved

Should Fortinet Firewall, PowerConnect Switch or Comcast Router be DHCP Server?

I have a Fortinet FortiGate firewall, a Dell PowerConnect switch and will be getting a Comcast router for Internet access at a business. Basically, this is a new network to be installed in parallel with a functional network from another provider. Once the new network is stable, the old network will be retired. The reasons for this are that the present network is wireless access only with the router located in the office instead of the telephone closet, and we are adding a file server which does not have wireless access, a few extra computers, the switch, and the hardware firewall. Right now the wireless router is acting as the DHCP server. However, I do not think it will work properly from the telephone closet given the wiring in there. From what I have gathered so far, each of the three units in question can function as a DHCP server: my question is which is the best choice? My idea for the network is the computers, wireless access point, and server being plugged into wall jacks which lead to the telephone closet where the PowerConnect switch will be, which itself will be plugged into the Fortinet, which will be plugged into the Comcast router, which will connect to the Internet. It seems to me that the switch should be the DHCP server but that implementation seems to be rather complex. Any suggestions would be greatly appreciated.
6 answers Last reply Best Answer
More about fortinet firewall powerconnect switch comcast router dhcp server
  1. Make the firewall your LAN DHCP server, unless you have a windows Active Directory server. If you do then that's your DHCP server. That should give all the things on your internal network an IP address.

    Set the Comcast router that the firewall is plugged into as a DHCP server as well but give it a completely different private IP range to hand out, that's probably the easiest way for your firewall to get an IP address so that your traffic will route properly out to the internet and back.
  2. Nijinski said:
    Make the firewall your LAN DHCP server, unless you have a windows Active Directory server. If you do then that's your DHCP server. That should give all the things on your internal network an IP address.

    Set the Comcast router that the firewall is plugged into as a DHCP server as well but give it a completely different private IP range to hand out, that's probably the easiest way for your firewall to get an IP address so that your traffic will route properly out to the internet and back.


    I'm not sure I understand that. Who is the Comcast router handing IPs to if the firewall is doing it already?
  3. The Comcast router hand an IP to the external interface of the Fortinet, the internal interface of the Fortinet is handing out IPs to your internal network, including the powerconnect switch
  4. Nijinski said:
    The Comcast router hand an IP to the external interface of the Fortinet, the internal interface of the Fortinet is handing out IPs to your internal network, including the powerconnect switch


    Thank you for your answer.

    In looking around, it seems that the file server I intended to have will have to be an Active Directory server since we will have people of differing access permissions utilizing the same server. This is my first time with Windows Server 2012 and I am wary of the dramatic change. I have fussed with a Windows 8 machine and am still getting familiar with it. I will do more digging for specifics but if I may ask...can the layout still be Internet to Comcast router to firewall to network switch to all computers including the server if it is the only one doing duty as the DHCP machine?
  5. Best answer
    You should still leave the Comcast router as DHCP handing an IP to the firewall.

    You then turn off DHCP on the firewall and the switch and leave the Active Directory server to hand out IPs to your internal network. Your Active Directory server will be your DHCP server, your DNS server and your logon/permissions controller. The internal IP of your firewall will be your default gateway for the internal network, everything the external side of the firewall should take care of itself.

    If I get a chance, I'll draw a diagram with some example IPs, it'll probably make it clearer
  6. Nijinski said:
    You should still leave the Comcast router as DHCP handing an IP to the firewall.

    You then turn off DHCP on the firewall and the switch and leave the Active Directory server to hand out IPs to your internal network. Your Active Directory server will be your DHCP server, your DNS server and your logon/permissions controller. The internal IP of your firewall will be your default gateway for the internal network, everything the external side of the firewall should take care of itself.

    If I get a chance, I'll draw a diagram with some example IPs, it'll probably make it clearer


    That would be greatly appreciated, thank you! In the meantime I'll keep looking on how to best use that 2012 Server.
Ask a new question

Read More

Networking Routers Switch DHCP Fortinet Firewalls