Technical Tip: ARP and MAC addresses on FortiGate
Description
ARP: The Address Resolution Protocol is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. (Address Resolution Protocol - Wikipedia).
MAC address: Media access control address is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment.
Scope
Showing the commands available to list the MAC addresses on a FortiGate.
Solution
MAC addresses on a FortiGate can be listed with the following commands:
In NAT mode.
- Per port (MAC address learnt on a specific port, with age). The columns are IP address, age in minutes, MAC address and interface:
get sys arp | grep wan
78.91.12.34 0 00:00:01:23:86:46 wan2 <----- This is the MAC address of the remote unit learnt on wan2.
- Per port (along with IP addresses and other details).
diagnose ip arp list | grep wan
index=7 ifname=wan2 78.91.12.34 0 00:00:01:23:86:46 state=00000002 use=136 confirm=124 update=226 ref=99
- Current and permanent (burnt-in) MAC address of a port. The two values differ when the interface uses an overridden MAC, for example an HA virtual MAC:
diagnose hardware deviceinfo nic wan2 | grep HWaddr
Current_HWaddr 90:6c:ac:89:00:61
Permanent_HWaddr 90:6c:ac:89:00:61
- MAC addresses of the interfaces of all units in a HA cluster:
diagnose sys ha dump-by device
- List firewall IP/MAC address pairs (static data, defined in config).
diagnose firewall ipmac list
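The two ARP listings above share the same essential fields (IP, age, MAC, interface) but differ in layout. The following added example (not part of the Fortinet article) parses either format and compares two snapshots to flag an IP whose MAC changed between them, which is the check an administrator runs when troubleshooting unexpected ARP entries. The sample output lines are constructed to match the formats shown above, not captured from a real unit.

```python
import re
from typing import Dict, Tuple

# Constructed samples in the formats the article shows (not real captures).
GET_SYS_ARP = """\
78.91.12.34 0 00:00:01:23:86:46 wan2
10.0.1.20 12 00:11:22:33:44:55 internal
"""
SNAPSHOT_A = """\
index=7 ifname=wan2 78.91.12.34 0 00:00:01:23:86:46 state=00000002 use=136 confirm=124 update=226 ref=99
index=9 ifname=internal 10.0.1.20 3 00:11:22:33:44:55 state=00000002 use=5 confirm=5 update=12 ref=1
"""
SNAPSHOT_B = """\
index=7 ifname=wan2 78.91.12.34 1 00:00:01:23:86:46 state=00000002 use=140 confirm=130 update=230 ref=99
index=9 ifname=internal 10.0.1.20 0 aa:bb:cc:dd:ee:ff state=00000002 use=9 confirm=9 update=15 ref=1
"""

MAC_RE = re.compile(r"([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
IFNAME_RE = re.compile(r"ifname=(\S+)")


def parse_arp(text: str) -> Dict[str, Tuple[str, str]]:
    """Map IP -> (MAC, interface) from 'get sys arp' or 'diagnose ip arp list' output."""
    table: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header, blank or unrelated line
        ifm = IFNAME_RE.search(line)
        # 'diagnose ip arp list' carries ifname=...; 'get sys arp' ends with the interface.
        ifname = ifm.group(1) if ifm else line.split()[-1]
        table[ip.group(1)] = (mac.group(1).lower(), ifname)
    return table


def mac_changes(old: Dict[str, Tuple[str, str]],
                new: Dict[str, Tuple[str, str]]) -> Dict[str, Tuple[str, str]]:
    """Return {ip: (old_mac, new_mac)} for IPs present in both snapshots whose MAC changed."""
    return {ip: (old[ip][0], new[ip][0])
            for ip in old if ip in new and old[ip][0] != new[ip][0]}


if __name__ == "__main__":
    for ip, (before, after) in mac_changes(parse_arp(SNAPSHOT_A), parse_arp(SNAPSHOT_B)).items():
        print(f"{ip}: MAC changed {before} -> {after}")
```

A MAC change for a static host is worth verifying against the configured pairs from `diagnose firewall ipmac list` before assuming a legitimate hardware swap.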
In Transparent mode.
In Transparent mode the FortiGate operates as a bridge, so the bridge controller (brctl) commands are used to display the MAC address table:
diagnose netlink brctl name host root.b <----- Replace root with the desired VDOM.
diagnose netlink brctl list
Related article:
Technical Tip: How to check MAC-address table in Transparent mode
