Technical Tip: How to find the interface's MAC address
Description
This article describes how to find the interface's MAC address.
Scope
FortiGate.
Solution
From GUI:
Go to Network -> Interfaces -> Edit Interface and along with the interface name hardware address also be added from version 5.4 onward.
From v6.2 onwards:
In non-VDOM mode.
get hardware nic <if_name> | grep Hwaddr
In VDOM mode.
config global
get hardware nic <if_name> | grep Hwaddr
Example.
To see the firewall port2 MAC address:
get hardware nic port2
Name: port2
Version: 1.1.29.0-k-NAPI
FW version: N/A
Bus: 0000:0b:00.0
Hwaddr: 00:75:72:61:5f:02
Permanent Hwaddr:00:75:72:61:5f:02
State: up
Link: up
Mtu: 1500
It is also possible to use fnsysctl utility. This will show the current HW address and it works also for virtual interfaces, like VLAN:
Note that when executing the above command on a member of the HA cluster, the primary unit will display the virtual MAC address of the interface, whereas the subordinate unit will show the MAC address programmed by the Network Interface Card manufacturer for the respective vendor.
Note: Sometimes, packet captures taken from FortiGate may display a Microsoft or Amazon MAC address as the FortiGate's MAC address. This behavior is expected when the FortiGate is deployed in a public cloud environment such as Google Cloud Platform (GCP), Amazon Web Services (AWS), or Microsoft Azure, where the underlying virtual infrastructure uses the cloud provider’s MAC addresses.
Note:
- When a host sends an ARP request to resolve the firewall's IP address, the firewall responds with its MAC address, allowing the host to update its ARP table with the IP-to-MAC mapping for the firewall.
- The firewall, on the other hand, does not create an ARP entry for its own interface IP address, as ARP tables typically only store mappings for neighboring devices to facilitate communication, not for the device's own IP address.
- This ensures efficient ARP table management and accurate resolution of neighboring device addresses.
Related article: