You can set up an additional DHCP relay for DHCP fingerprinting on any switch in this VLAN (assuming the switch supports this feature).
Then the clients get their IPs from the FortiGate, the switch relays the DHCP requests to ClearPass, and then you have the fingerprints.
------------------------------
Regards,
Waldemar
ACCX # 1377, ACEP, ACX - Network Security
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Sep 03, 2024 06:29 AM
From: AH18
Subject: Collect fingerprinting on vlan that don't have DHCP relay
Hi,
Thank you for your response.
Yes, I know I can put more than 1 relay.
My problem is the VLANs where the FortiGate is operating as the DHCP server, meaning it doesn't have a relay configured at all.
As far as I know, you can't configure a VLAN on the FortiGate to get DHCP from the FortiGate and configure a relay on the same VLAN.
------------------------------
Best regards,
Alon Haber
Original Message:
Sent: Sep 03, 2024 05:39 AM
From: ariyap
Subject: Collect fingerprinting on vlan that don't have DHCP relay
You can have more than one DHCP relay for each VLAN; ClearPass just needs to see the DHCP request and it will not respond to it.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Sep 03, 2024 05:12 AM
From: AH18
Subject: Collect fingerprinting on vlan that don't have DHCP relay
Hi all.
I have deployed ClearPass in the network.
I want to collect fingerprinting but not all VLANs have a relay on the gateway.
Some of them get DHCP from the gateway (FortiGate).
What is the best solution for getting those fingerprints in my case?
------------------------------
Best regards,
Alon Haber
------------------------------
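Added example, not part of the thread and not ClearPass or switch code: what a passive profiler can read from a DHCP request that a switch relay forwards to it, which is why a copy of the request is enough and no reply is needed. The packet, MAC, relay address, hostname and option values are constructed, and keying on options 55, 60 and 12 is an assumption about typical DHCP fingerprinting.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def build_relayed_discover(mac, giaddr, options):
    """Constructed sample: a DHCPDISCOVER as a relay forwards it (giaddr set, hops=1)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1,                      # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=1
        0x1234ABCD, 0, 0,                # xid, secs, flags
        bytes(4), bytes(4), bytes(4),    # ciaddr, yiaddr, siaddr
        socket.inet_aton(giaddr),        # relay agent address
        mac, b"", b"")                   # chaddr, sname, file (zero padded)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC + body + b"\xff"

def dhcp_fingerprint(packet):
    """Extract the attributes a passive profiler can read from one DHCP request."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:   # 255 = end option
        if packet[i] == 0:                        # 0 = pad, single byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "mac": packet[28:28 + packet[2]].hex(":"),
        "relay": socket.inet_ntoa(packet[24:28]),
        "option55": ",".join(str(b) for b in opts.get(55, b"")),
        "option60": opts.get(60, b"").decode("ascii", "replace"),
        "hostname": opts.get(12, b"").decode("ascii", "replace"),
    }

# Constructed values throughout: MAC, relay address, hostname and option lists.
SAMPLE = build_relayed_discover(
    bytes.fromhex("020000aabbcc"), "10.0.20.2",
    [(53, b"\x01"), (12, b"LAPTOP-01"), (60, b"MSFT 5.0"),
     (55, bytes([1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252]))])

if __name__ == "__main__":
    print(dhcp_fingerprint(SAMPLE))
```

The `relay` field is the giaddr the relay stamps on the request, so it also shows which VLAN gateway or switch forwarded the copy.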