Home | ParagonHost | LiquidLayer | News | Products | Blog | Video | Crawler.Search | Helpdesk

How-to: Configure DHCP Custom Options Fortigate

(Ex) Option 66: 

Need to convert each byte to HEX, like 192=C0, 168=A8,… so the correct config should be:
set option2 66 ‘C0A8026F’. - On this site, you will find free online tools to perform common string manipulations such as reversing a string, calculating a string’s length or encoding a string!

How-to: Configure DHCP Custom Options on a FortiGate
FortiGate allows you to configure up to six custom DHCP options beyond the standard default gateway, DNS, NTP and domain options.

We’ll go through the steps to configure a DHCP server from scratch and configure the most commonly used options as well as a few custom ones.

The details for this DHCP server will be as follows:

Interface: wifi-interface
Address Range:
Default Gateway:
Primary DNS:
Secondary DNS:
Primary NTP:
Domain name suffix: labdomain.local
Option 252: (this is the default proxy option)
Option 66: (TFTP option to allow provisioning to unmanaged SIP phones)

Firstly goto the CLI and enter the following to create a new DHCP server.

FORTIGATE80C # config system dhcp server
FORTIGATE80C (server) # edit 0

Now type the following to create the IP range

FORTIGATE80C (3) # config ip-range
FORTIGATE80C (ip-range) # edit 1
FORTIGATE80C (1) # set start-ip
FORTIGATE80C (1) # set end-ip
FORTIGATE80C (1) # end

Next the following set commands for all the basic options:

FORTIGATE80C (3) # set default-gateway
FORTIGATE80C (3) # set netmask
FORTIGATE80C (3) # set dns-server1
FORTIGATE80C (3) # set dns-server2
FORTIGATE80C (3) # set ntp-server1
FORTIGATE80C (3) # set domain labdomain.local
FORTIGATE80C (3) # set interface wifi-interface

Now for the custom options. The syntax for custom options on a FortiGate is:


An option number is a decimal number (in this instance 252 and 66), while the option itself is the value we want ( and The thing to note is that the FortiGate require the option to be in hexadecimal, not as a string or digits. So before we can begin, we need to convert the strings into hexadecimal first.

A quick google for ‘string to hexadecimal converter’ will bring up some useful pages. I like to use the one at Type in the strings you want to convert and save the hexadecimal output.

I don’t think this opion 66 config would work. Any field that contains an IP address in Bootp vendor options(DHCP options) requires binary data, just like source/destination address field in Ethernet Frame header, not “ascii coded dotted-decimal-notation”. So you need to convert each byte to HEX, like 192=C0, 168=A8,… so the correct config should be:
set option2 66 ‘C0A8026F’.