The dreaded PXE-E32
-
So, I may be wrong, but if you aren’t using a Windows server, it might not actually be ports 66 and 67 that you need to configure. Try to configure port 69 UDP on your FortiGate as this is that device’s TFTP port.
Page 260 of this document:
-
Alrighty! I’ll have another crack at her on Monday - that’ll be the first thing I do.
Thank you very, very much!
[quote=“Kevin, post: 1268, member: 3”]So, I may be wrong, but if you aren’t using a Windows server, it might not actually be ports 66 and 67 that you need to configure. Try to configure port 69 UDP on your FortiGate as this is that device’s TFTP port.
Page 260 of this document:
http://docs.fortinet.com/fgt/handbook/40mr3/fortigate-system-admin-40-mr3.pdf[/quote]
-
Keep us posted on what you find out and good luck!
-
Okay, so after double checking my work on the security protocol, I’m certain I’ve got that much right… I’m also halfway certain that 66 & 67 are set proper but I’m trying to find a code index to check that. At this point, no technical progress has been made, sadly. Back to the drawing board!
EDIT: That shouldn’t be affecting the ability of Windows to perform a tftp get command, though. If the port is open, what am I missing here?
-
I’m going to have a go at setting it up with an “unmodifiable DHCP server” à la FOG setup guide.
-
[quote=“songnar, post: 1322, member: 480”]I’m going to have a go at setting it up with an “unmodifiable DHCP server” à la FOG setup guide.[/quote]
Good news!
No, wait, bad news! That didn’t work out either. Nuts. I’ve gone back to my original plan, set up FOG to forward DHCP to the DHCP server which tells PXE booting clients where to find the pxelinux.0 file…
I still have not been able to get Windows to successfully TFTP 192.168.X.X get pxelinux.0 to work either.
I’m fairly certain that the TFTP server is running as I can do TFTP get from-to the server in terminal.
I have blasted open ALL internal-to-internal ports. Still PXE-E32. Baffling.
-
Problem found!
We have a multi-system VoIP configuration on our network. It is using port 69.
Now…what’s plan B?
-
Okay, I’m going to try something stupid, maybe I’ll get lucky.
I am going to set up FOG to provide DHCP but it will have an IP range of 0.151 to 0.181; the FortiGate is providing addresses from 0.1 to 0.150.
I will disable option 67 but leave option 66 on and pointing to the FOG server which will have an address within the 1-150 range.
Bets, anyone?
-
PROBLEM FOUND!
The ultimate issue in my system has been located.
Shame it’s not a cake in the manifold. I popped in gPXE into a machine and got some useful output… The bloody FortiGate isn’t passing option 66! It’s trying to use 0.254 (the gateway) as the TFTP server even though I have calmly explained to it that the TFTP server is at 0.90!
What is a guy to do?
-
Had a similar problem. Option 66 is being passed but the next-server in the bootp wasn’t set. Try using the CLI on the FortiGate to go in and edit the DHCP settings.
From the CLI:
FORT-310B # config vdom
FORT-310B (vdom) # edit <vdom name>
FORT-310B (<vdom name>) # config system dhcp server
FORT-310B (server) # edit 1 // Replace 1 with the number of the DHCP server id on the FortiGate if more than one configured
FORT-310B (1) # set next-server 192.168.X.X
FORT-310B (1) # end
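
Added example, not part of the thread or any poster's code: a small Python check that parses a DHCP OFFER and reports the two places the thread contrasts, the BOOTP header next-server field (siaddr) and option 66, plus the boot file name. The function names and the 192.168.0.x sample addresses are constructed for illustration, and option 66 is assumed to carry an IP literal rather than a hostname.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_offer(pkt):
    """Return the places a PXE client can learn its TFTP server and boot file from."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    info = {"siaddr": socket.inet_ntoa(pkt[20:24]),  # BOOTP header next-server
            "file": pkt[108:236].split(b"\0")[0].decode("ascii", "replace"),
            "opt66": None, "opt67": None}
    i = 240
    while i < len(pkt) and pkt[i] != 255:       # 255 = end option
        if pkt[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if code in (66, 67):                    # TFTP server name / bootfile name
            info["opt%d" % code] = value.rstrip(b"\0").decode("ascii", "replace")
        i += 2 + length
    return info

def diagnose(info, tftp_server):
    """List mismatches between the offer and the intended TFTP server (assumed an IP)."""
    findings = []
    if info["siaddr"] != tftp_server:
        findings.append("siaddr=%s, expected %s" % (info["siaddr"], tftp_server))
    if info["opt66"] != tftp_server:
        findings.append("option 66=%r, expected %s" % (info["opt66"], tftp_server))
    if not (info["opt67"] or info["file"]):
        findings.append("no boot file name in option 67 or the file field")
    return findings

def build_offer(siaddr, opt66=None, opt67=None):
    """Constructed sample OFFER (not a capture) so the check runs offline."""
    pkt = struct.pack("!4BIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), socket.inet_aton("192.168.0.160"),
                      socket.inet_aton(siaddr), bytes(4), bytes(16), b"", b"")
    pkt += MAGIC + b"\x35\x01\x02"              # option 53: DHCPOFFER
    for code, text in ((66, opt66), (67, opt67)):
        if text:
            pkt += bytes([code, len(text)]) + text.encode("ascii")
    return pkt + b"\xff"

if __name__ == "__main__":  # option 66 is right, siaddr is the gateway
    print(diagnose(parse_offer(build_offer("192.168.0.254", "192.168.0.90", "pxelinux.0")), "192.168.0.90"))
```

Feeding it the UDP payload of an offer captured on the client's segment shows whether next-server, option 66, or both point at the TFTP server.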