Technical Tip: Understanding how ip-conflict-detect works on FortiGate
| Description | This article describes ip-conflict-detect, a feature introduced in v7.6 that helps with troubleshooting by detecting and resolving IP address conflicts within a network, and shows how it aids the troubleshooting process. |
| Scope | FortiGate v7.4.8, v7.6.0 and above. |
| Solution | By default, the feature is disabled. |

Related document:

Active Detection will be triggered when:

Alongside the above, the firewall keeps monitoring Gratuitous ARP packets, and if a device connected to the FortiGate tries to use an IP address that is already in use, a log is generated.

In the lab firewall, set ip-conflict-detection to enable:

```
kvm25 # config system global
kvm25 (global) # set ip-conflict-detection enable
kvm25 (global) #
```

The IP of the firewall's port3 was then changed to the same IP as one of the machines connected to port3. Once the IP conflict is detected, the firewall generates a log under Log&Report -> System Events -> General System Events, as follows:

```
date=2024-12-25 time=04:23:26 eventtime=1735129406434351939 tz="-0800" logid="0100032701" type="event" subtype="system" level="error" vd="root" logdesc="Detected IP conflicts on FGT interfaces." msg="Duplicate IP address 10.171.5.9X of MAC 00:7X:6e:69:0X:0X was detected on interface port3, also in use by port3 (00:6X:61:78:1X:0X)"
```
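To make the event above actionable outside the FortiGate GUI (for example in a SIEM or a small log-watching script), the duplicate IP, both MAC addresses and the interfaces need to be pulled out of the key=value log line. The following Python is an added example written for this article, not Fortinet's code: it parses FortiGate-style key=value lines, filters on the logid shown in the sample log (0100032701), and extracts the conflict details from the msg field. The sample log lines are constructed with placeholder addresses and a placeholder logid for the non-conflict event, and the regex assumes the msg wording stays as shown above; a line that does not match is reported as None rather than guessed at.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# logid of the "Detected IP conflicts on FGT interfaces." event, taken from the article's sample log.
IP_CONFLICT_LOGID = "0100032701"

# FortiGate logs are space-separated key=value pairs; values containing spaces are double-quoted.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Shape of the msg field in the article's sample log. Assumption: the wording is stable across
# builds; if it changes, extract_ip_conflict() returns None instead of partial data.
_CONFLICT_MSG_RE = re.compile(
    r"Duplicate IP address (?P<ip>\S+) of MAC (?P<mac>[0-9A-Fa-f:]+) was detected on interface "
    r"(?P<iface>\S+), also in use by (?P<other_iface>\S+) \((?P<other_mac>[0-9A-Fa-f:]+)\)"
)


@dataclass(frozen=True)
class IpConflict:
    date: str
    time: str
    vdom: str
    ip: str
    mac: str
    interface: str
    other_interface: str
    other_mac: str


def parse_fortigate_log(line: str) -> dict:
    """Split one FortiGate log line into a dict, stripping the quotes around quoted values."""
    fields = {}
    for key, raw in _KV_RE.findall(line):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1]
        fields[key] = raw
    return fields


def extract_ip_conflict(line: str) -> Optional[IpConflict]:
    """Return the conflict details for an ip-conflict event line, or None for any other line."""
    fields = parse_fortigate_log(line)
    if fields.get("logid") != IP_CONFLICT_LOGID:
        return None
    m = _CONFLICT_MSG_RE.search(fields.get("msg", ""))
    if m is None:
        return None
    return IpConflict(
        date=fields.get("date", ""),
        time=fields.get("time", ""),
        vdom=fields.get("vd", ""),
        ip=m["ip"],
        mac=m["mac"],
        interface=m["iface"],
        other_interface=m["other_iface"],
        other_mac=m["other_mac"],
    )


def find_ip_conflicts(lines: Iterable[str]) -> List[IpConflict]:
    """Scan a stream of log lines and keep only the parsed IP-conflict events."""
    return [c for c in (extract_ip_conflict(line) for line in lines) if c is not None]


# Constructed sample lines (not real logs): the first mirrors the article's conflict event with
# placeholder addresses, the second is an unrelated system event with a placeholder logid.
SAMPLE_LOGS = [
    'date=2024-12-25 time=04:23:26 eventtime=1735129406434351939 tz="-0800" logid="0100032701" '
    'type="event" subtype="system" level="error" vd="root" '
    'logdesc="Detected IP conflicts on FGT interfaces." '
    'msg="Duplicate IP address 10.0.20.9 of MAC 00:11:22:33:44:55 was detected on interface port3, '
    'also in use by port3 (00:aa:bb:cc:dd:ee)"',
    'date=2024-12-25 time=04:25:10 eventtime=1735129510000000000 tz="-0800" logid="0100000000" '
    'type="event" subtype="system" level="information" vd="root" '
    'logdesc="Placeholder event" msg="Constructed non-conflict event"',
]

if __name__ == "__main__":
    for c in find_ip_conflicts(SAMPLE_LOGS):
        print(f"{c.date} {c.time} vd={c.vdom}: {c.ip} claimed by {c.mac} on {c.interface}, "
              f"also in use by {c.other_interface} ({c.other_mac})")
```

Matching on logid rather than on the free-text logdesc keeps the filter cheap and stable, while the msg regex is the only part tied to the exact wording; when the firewall is the conflicting party (as in the article's lab, where both sides are port3) the two MACs identify which device must be reconfigured.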
