Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
btey
Staff
Staff

Created on ‎03-12-2023 10:52 PM Edited on ‎03-12-2023 10:52 PM By Community Manager

Article Id 248267

Technical Tip: Mac address behavior for secondary IP address

Description This article explains the mac address behavior when the source server from the primary IP network reaches to destination server on a secondary IP network.
Scope FortiGate.
Solution topology.png

 

FortiGate's physical interface has 2 IP networks:

 

Primary IP: 10.87.x.1/24

Secondary IP: 10.87.y.1/24

 

Source server from Site B with IP: 10.87.y.2

Destination server from Site A with IP 10.87.x.2

 

When the Site B server accesses to Site A server, the traffic will pass via the FortiGate.

 

When the packet reaching to FortiGate, the packet received from the incoming interface will forward out to the same interface after traffic inspection.

 

Site B server source mac address will be changed from xx:xx:xx:6f:1c:01 to xx:xx:xx:6f:2c:03. 

 

When the Site A server replies, it will reply to FortiGate mac xx:xx:xx:6f:2c:03 instead to the Site B server even if they are connecting to the same switch.

 

before.PNG
567
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.