Chapter 11 IPsec VPN for FortiOS 5.0 : FortiClient dialup-client configurations : Configure the FortiGate unit : Configuring DHCP services on a FortiGate interface
  
Configuring DHCP services on a FortiGate interface
If the FortiClient dialup clients are configured to obtain a VIP address using DHCP, configure the FortiGate dialup server to either:
relay DHCP requests to a DHCP server behind the FortiGate unit (see “To configure DHCP relay on a FortiGate interface” below).
act as a DHCP server (see “To configure a DHCP server on a FortiGate interface”).
Note that DHCP services are typically configured during the interface creation stage, but you can return to an interface to modify DHCP settings if need be.
To configure DHCP relay on a FortiGate interface
1. Go to System > Network > Interfaces and select the interface that you want to relay DHCP.
2. Under DHCP Server, select Enable and create a new DHCP Address Range and Netmask.
3. Open the Advanced... menu and select Relay for the Mode option.
4. For the Type, select IPsec.
5. Select OK.
To configure a DHCP server on a FortiGate interface
1. Go to System > Network > Interfaces and select the interface that you want to act as a DHCP server.
2. Under DHCP Server, select Enable and create a new DHCP Address Range and Netmask.
3. For Default Gateway, enter the IP address of the default gateway that the DHCP server assigns to DHCP clients.
4. For DNS Server, select Same as System DNS. If you want to use a different DNS server for VPN clients, select Specify and enter an IP address in the available field.
5. Open the Advanced... menu and select Server for the Mode option.
6. For the Type, select IPsec.
7. Select OK.