wirelurker
Explorer II
January 11, 2025
Solved

Get ARP and MAC Table from a FortiManager Managed Firewall

I've been trying to figure out how to find the MAC address and ARP tables for one of our FortiGate firewalls, but all the documentation seems to be for firewalls not connected to FortiManager. As you may know, the CLI becomes very limited on a firewall when you connect it to FortiManager, and the CLI on it only seems to give the ARP for the manager itself, which is not very useful. We're running the FortiManager VM64 KVM 7.2.8 if that helps. The firewall in question is 200f. Any help would be appreciated.

Best answer by dingjerry_FTNT

Hi @wirelurker,

I think that your user account does not have full permission to access the FGT. What is the prompt you got? #? $?

Anyway, there is another workaround to access FGT GUI via FMG if your FMG is running 7.4.2 or later:

1) Make sure that your FMG admin user account has either full permission or this option is enabled in your access profile:

[Image: dingjerry_FTNT_0-1736607342425.png]

2) Go back to Device Manager, click on Managed FortiGate, select the FGT you want to access, right click, choose "Remote Access":

[Image: dingjerry_FTNT_1-1736607555307.png]

It will open FGT GUI and if you login to the FGT GUI with full permission, you can bring up the FGT CLI widget in GUI with full access to all CLI commands.

So the key point is, do you have one FGT admin user account with full permission?

3 replies

kaman
Staff
January 11, 2025

Hi wirelurker,

From the GUI, the MAC address of the interface and ARP list will not be visible.

It is necessary to use the CLI.

Please refer to the below document for more information:
https://community.fortinet.com/t5/FortiManager/Technical-Tip-Mac-address-interface-and-ARP-list-for/ta-p/251037


You can refer to the below document to check ARP entries on an ARP table in FortiGate.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-get-system-arp-command-on-the-FortiGate/ta-p/334336

wirelurker
Explorer II
January 11, 2025

If I do it from the FortiManager, it only lists the FMGR interfaces. If I SSH to the individual FortiGates, there is no diagnose command and the get command is very limited as in no arp command and any subcommand.

dingjerry_FTNT
Staff
January 11, 2025

Hi @wirelurker,

Even if a FGT is managed by a FMG, you can still SSH into this FGT to run CLI commands.

wirelurker
Explorer II
January 11, 2025

These are my choices if I SSH to a managed firewall:

config
get
show
exit

Under get there is only the system command. Nothing else.

kaman
Staff
January 11, 2025

Hi wirelurker,

With the help of the command: get sys arp | grep wan -- you can see per port (MAC address learnt on a specific port, with age).

Per port (along with IP addresses and other details).
# diag ip arp list | grep wan

Current port mac address:
# diag hardware deviceinfo nic wan2 | grep HWaddr


https://community.fortinet.com/t5/FortiGate/Technical-Tip-ARP-and-MAC-addresses-on-FortiGate/ta-p/210231


You can refer to the below document to find the interface's MAC address

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-find-the-interface-s-MAC-address/ta-p/193612

Regards