FortiGate
Article Id 192890

Description

This article provides the procedure for changing the MAC address of an interface on a FortiGate.

Scope

FortiGate.

Solution

To configure the MAC address on individual interfaces of FortiGate, follow the configuration below.

FortiGate# config system interface
FortiGate(interface)# edit wan2
FortiGate(wan2)# set macaddr 10:11:22:11:33:11
FortiGate(wan2)# end

To check if the configuration has been applied, run the following commands.

FortiGate# show system interface wan2

config system interface
    edit "wan2"
        set vdom "root"
        set mode dhcp
        set allowaccess ping
        set type physical
        set role wan
        set snmp-index 2
        set macaddr 10:11:22:11:33:11
    next
end

FortiGate# diagnose hardware deviceinfo nic wan2
Description :FortiASIC NP6XLITE Adapter
Driver Name :FortiASIC NP6XLITE Driver
Board :80F
lif id :1
lif oid :65
netdev oid :65
Current_HWaddr 10:11:22:11:33:11
Permanent_HWaddr 94:f3:92:6b:c9:9b
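
One way to automate the check above, as an added example that is not part of the original article or of Fortinet's tooling: it parses saved output of the two commands and reports whether the configured override is the address currently in use. The function names are assumptions made for this example, and the sample text is constructed by abridging the output shown above.

```python
import re

# Constructed sample input, abridged from the two command outputs shown above.
SHOW_OUTPUT = '''config system interface
    edit "wan2"
        set mode dhcp
        set macaddr 10:11:22:11:33:11
    next
end
'''
DIAG_OUTPUT = '''Current_HWaddr 10:11:22:11:33:11
Permanent_HWaddr 94:f3:92:6b:c9:9b
'''
MAC_RE = r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"

def configured_macs(show_text):
    """Map interface name -> 'set macaddr' value from 'show system interface' text."""
    macs, name = {}, None
    for line in show_text.splitlines():
        line = line.strip()
        m = re.match(r'edit "?([^"\s]+)"?$', line)
        if m:
            name = m.group(1)
        elif line == "next":
            name = None
        elif name and (m := re.match(r"set macaddr " + MAC_RE + "$", line)):
            macs[name] = m.group(1).lower()
    return macs

def hw_addrs(diag_text):
    """Return (current, permanent) from 'diagnose hardware deviceinfo nic' text."""
    found = {}
    for key in ("Current_HWaddr", "Permanent_HWaddr"):
        m = re.search(key + r"\s*:?\s*" + MAC_RE, diag_text)
        found[key] = m.group(1).lower() if m else None
    return found["Current_HWaddr"], found["Permanent_HWaddr"]

def audit(name, show_text, diag_text):
    """Report whether an override is configured for 'name' and whether it is active."""
    configured = configured_macs(show_text).get(name)
    current, permanent = hw_addrs(diag_text)
    return {
        "configured": configured, "current": current, "permanent": permanent,
        "overridden": current is not None and current != permanent,
        "applied": configured is not None and configured == current,
        # Bit 0 of the first octet marks a group (multicast) address,
        # which is not valid as an interface's own MAC address.
        "multicast": current is not None and int(current[:2], 16) & 1 == 1,
    }
```

An interface where `overridden` is true but `configured` is empty has a current address that differs from the burned-in one without a matching `set macaddr` line in the saved configuration.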

In some cases, configuring the MAC address for an interface is not possible, especially when the interface is part of a VLAN switch, software switch, or hardware switch.

The following error indicates that such configuration is not permitted on those interfaces.

config system virtual-switch
    edit "internal"
        set physical-switch "sw0"
        config port
            edit "internal1"   <----- Internal1 is a member of a VLAN Switch 'internal'.
            next
            edit "internal2"
            next
        end
    next
end

FortiGate# config system interface
FortiGate(interface)# edit internal1

FortiGate(internal1) #
FortiGate(internal1) # set macaddr
command parse error before 'macaddr'
Command fail. Return code -61

FortiGate(internal1) # end

Additionally, configuring a MAC address on a VLAN interface, VLAN switch, software switch, or hardware switch on FortiGate is currently not permitted.

Note that this command is only available on WAN and internal ports. It is not available on common ports like port1, port2, etc.