BensonLEI
New Member
October 23, 2020
Solved

Fortigate interfaces mac address changed


Hi guys, 

 

We have a Forti400E HA pair topology (with FortiOS V6.4.2) in the production network, and intend to change the interface MAC address; do we need to change the same MAC address for both devices at the same time, or just change the MAC address on the primary/master Forti400E (it will sync the MAC address to the secondary/slave Forti400E)?

 

Thanks so much for your advice

 

 

    2 replies

    MarMar (Answer)
    New Member
    October 23, 2020

    Hi,

     

    Every FortiGate physical interface has two MAC addresses: the current hardware address and the permanent hardware address. The permanent hardware address cannot be changed; it is the actual MAC address of the interface hardware. The current hardware address can be changed.

     

    For an operating cluster, the current hardware address of each cluster unit interface is changed to the HA virtual MAC address by the FGCP. The macaddr option is not available for a functioning cluster. You cannot change an interface MAC address and you cannot view MAC addresses from the system interface CLI command.

     

    MarMar

    BensonLEI (Author)
    New Member
    October 27, 2020

    Hi, MARMAR,

     

    Thanks so much for your information.

     

    Based on my findings, two MAC addresses are defined for a FortiGate interface (current and permanent MAC address), as you state.

     

    But the current MAC address can be viewed and changed:

     

    https://kb.fortinet.com/kb/documentLink.do?externalID=FD30888.

     

     

    Cheers

     

     

     

     

    MarMar
    New Member
    October 27, 2020

    Hi BensonLEI,

     

    What you say is true if you are not talking about an HA cluster. In this case the FGCP (FortiGate Cluster Protocol) manages the current addresses and it is no longer possible to set them manually.

    In this part of the documentation it is a bit clearer.

     

    https://docs.fortinet.com/document/fortigate/6.0.0/handbook/996579/cluster-virtual-mac-addresses

     

    MarMar

    boneyard
    Valued Contributor
    October 23, 2020

    How are you going to change the MAC address?

     

    If this is based on the group-id in the HA settings, I believe this needs to be done on both units.

     

    If in another way, please share how.

    BensonLEI (Author)
    New Member
    October 27, 2020

    Hi, Boneyard,

     

    Great help.

     

    Cheers
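
An added example, not part of any post above and not Fortinet code: a Python sketch that classifies each interface's current hardware address as FGCP virtual, hardware default, or manually set, and decodes the HA group-id from a virtual MAC. It assumes the FortiOS 6.x virtual MAC layout `00:09:0f:09:<group-id hex>:<vcluster + interface index>` described in the cluster virtual MAC documentation linked in the thread, and NIC output with `Current_HWaddr` / `Permanent_HWaddr` fields; the sample text and all MAC values are constructed.

```python
import re

# Assumption: FGCP virtual MAC prefix on FortiOS 6.x; octet 5 is the group-id in hex.
FGCP_PREFIX = "00:09:0f:09:"
HWADDR_RE = re.compile(
    r"^(Current|Permanent)_HWaddr[ \t]+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})[ \t]*$",
    re.M,
)

# Constructed sample: per-interface NIC info text as pasted from one cluster unit.
SAMPLE = {
    "port1": "Current_HWaddr   00:09:0f:09:0b:00\nPermanent_HWaddr 02:00:00:aa:bb:01\n",
    "port2": "Current_HWaddr   00:09:0F:09:0B:01\nPermanent_HWaddr 02:00:00:aa:bb:02\n",
    "mgmt":  "Current_HWaddr   02:00:00:aa:bb:03\nPermanent_HWaddr 02:00:00:aa:bb:03\n",
    "port3": "Current_HWaddr   02:00:00:de:ad:01\nPermanent_HWaddr 02:00:00:aa:bb:04\n",
}


def classify(nic_text):
    """Return the state of one interface from its current/permanent addresses."""
    addrs = {kind: mac.lower() for kind, mac in HWADDR_RE.findall(nic_text)}
    cur, perm = addrs.get("Current"), addrs.get("Permanent")
    if cur is None or perm is None:
        return {"state": "unparsed"}
    if cur.startswith(FGCP_PREFIX):
        octets = cur.split(":")
        return {
            "state": "fgcp-virtual",
            "group_id": int(octets[4], 16),    # HA group-id
            "last_octet": int(octets[5], 16),  # vcluster + interface index
        }
    if cur == perm:
        return {"state": "hardware"}
    return {"state": "manual-override"}  # current address set by hand


def audit(nics):
    """Classify every interface and collect the HA group-ids seen."""
    results = {name: classify(text) for name, text in nics.items()}
    group_ids = {r["group_id"] for r in results.values()
                 if r["state"] == "fgcp-virtual"}
    return results, group_ids


if __name__ == "__main__":
    results, group_ids = audit(SAMPLE)
    for name, info in sorted(results.items()):
        print(name, info)
    print("HA group-ids in use:", sorted(group_ids))
```

Two clusters on the same broadcast domain that report the same decoded group-id will present identical virtual MACs, which is the conflict a group-id change on both units is meant to resolve.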