Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akileshc
Staff
Staff

Created on ‎10-20-2022 06:24 AM Edited on ‎11-17-2025 12:44 PM By Community Manager

Article Id 227347

Technical Tip: Enhanced MAC VLAN support with HA setup

Description This article describes the support of EMAC in HA setup.
Scope FortiGate.
Solution
The enhanced MAC VLAN is handled as a physical interface in high availability (HA) deployments. 
It will be assigned a unique physical interface ID, and its MAC table is synced with the slaves in the same HA cluster.

 

The virtual MAC address is calculated using a standard algorithm, similar to any other physical interface in the cluster.

 

CLI Syntax:

 

config system interface
    edit "emac-vlan"
        set vdom "root"
        set ip 10.150.5.253 255.255.240.0
        set allowaccess ping
        set type emac-vlan
        set snmp-index 30
        set interface "dmz"
        set vlanid 150
    next
end

 

diagnose hardware deviceinfo nic emac-vlan
Description EMacvlan Ethernet driver v1.0
System_Device_Name emac-vlan
Lower_Device_Name dmz
Current_HWaddr 00:09:0f:09:64:18 <----- Traffic Egress/Ingress with this MAC.
Permanent_HWaddr 76:4c:a5:a6:80:f4
State up
Link up
npudev_oid 64
macvlan_id 0
vlan_id 150
learn_mac no
mode 2

 

akileshc_0-1666270971092.png

 

akileshc_1-1666271048126.png

 

Note:

If an interface is used in an enhanced MAC VLAN, it should not be used for anything else, including management, HA heartbeat, or Transparent VDOMs, and the physical interface that is being utilized by an EMAC VLAN interface cannot be used in a Virtual Wire Pair.


The MAC Address of an EMAC VLAN can also be found on the command 'diagnose system ha mac'.

 

Meanwhile, note that if VIP is configured on EMAC-VLAN, FortiGate, instead of responding with the EMAC-VLAN interface MAC address, uses the parent-interface MAC address:

Technical Tip: VIP on EMAC-VLAN interface responds with Parent interface MAC address
1079
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.