DPadula
Staff
Article Id 261953
Description This article describes how to change the MAC address on a physical interface for a pair of FortiGates in HA.
Scope All FortiGates that are configured in HA mode.
Solution

When there is more than one connection to the same ISP using a pair of FortiGates in an HA configuration, the ISP might detect the same MAC address coming from other devices at another site and will not allow the connection to its network.

When a pair of FortiGates is configured in HA, the 'set macaddr <MAC address>' command is not available under the physical interface.

Solution

 

To solve this issue, change the 'set group-id <number>' value under 'config system ha' on both devices (Active and Passive), since the HA MAC address is based on it.

config system ha
    set group-id <number>
end

 


Note:

Wait 30-60 seconds for the MAC address to update.

Related articles:

How to set or change the MAC addresses associated with a FortiGate interface 

Technical Tip: HA Cluster virtual MAC addresses

 
