Article Id 248267
Description This article explains the MAC address behavior when the source server on the primary IP network reaches the destination server on a secondary IP network.
Scope FortiGate.
Solution

[Figure: topology diagram]


FortiGate's physical interface has 2 IP networks:


Primary IP: 10.87.x.1/24

Secondary IP: 10.87.y.1/24


Source server at Site B with IP: 10.87.y.2

Destination server at Site A with IP: 10.87.x.2


When the Site B server accesses the Site A server, the traffic passes through the FortiGate.


When the packet reaches the FortiGate, it is received on the incoming interface and, after traffic inspection, forwarded back out of the same interface.


The source MAC address of the Site B server's traffic changes from xx:xx:xx:6f:1c:01 to xx:xx:xx:6f:2c:03 (the FortiGate MAC).


When the Site A server replies, it replies to the FortiGate MAC xx:xx:xx:6f:2c:03 instead of to the Site B server, even though both servers are connected to the same switch.
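
The following is an added example, not part of the original article or Fortinet's own tooling: a Python check that classifies frames captured on the shared switch by whether the FortiGate MAC appears as described above, and flags inter-subnet frames that never touched the FortiGate. The subnets 10.87.1.0/24 and 10.87.2.0/24, the `02:00:00` MAC prefix, the Site A server MAC and all capture records are constructed stand-ins for the article's masked values.

```python
import ipaddress

# Constructed values: the article masks its addresses (10.87.x / 10.87.y, xx:xx:xx:...).
PRIMARY = ipaddress.ip_network("10.87.1.0/24")    # stands in for 10.87.x.0/24
SECONDARY = ipaddress.ip_network("10.87.2.0/24")  # stands in for 10.87.y.0/24
FGT_MAC = "02:00:00:6f:2c:03"                     # FortiGate interface MAC

# Constructed capture records from the shared switch: (eth_src, eth_dst, ip_src, ip_dst)
FRAMES = [
    ("02:00:00:6f:1c:01", FGT_MAC, "10.87.2.2", "10.87.1.2"),  # Site B -> FortiGate
    (FGT_MAC, "02:00:00:6f:3c:05", "10.87.2.2", "10.87.1.2"),  # FortiGate -> Site A
    ("02:00:00:6f:3c:05", FGT_MAC, "10.87.1.2", "10.87.2.2"),  # Site A reply -> FortiGate
    (FGT_MAC, "02:00:00:6f:1c:01", "10.87.1.2", "10.87.2.2"),  # FortiGate -> Site B
    ("02:00:00:6f:1c:09", "02:00:00:6f:3c:05", "10.87.2.9", "10.87.1.2"),  # no FortiGate MAC
    ("02:00:00:6f:3c:05", "02:00:00:6f:3c:06", "10.87.1.2", "10.87.1.3"),  # same subnet
]

def crosses_subnets(ip_src, ip_dst):
    """True when one address is in the primary network and the other in the secondary."""
    src, dst = ipaddress.ip_address(ip_src), ipaddress.ip_address(ip_dst)
    return (src in PRIMARY and dst in SECONDARY) or (src in SECONDARY and dst in PRIMARY)

def classify(frame):
    """Label a frame by which leg of the routed path it belongs to."""
    eth_src, eth_dst, ip_src, ip_dst = frame
    if not crosses_subnets(ip_src, ip_dst):
        return "not-inter-subnet"
    if eth_dst.lower() == FGT_MAC:
        return "to-fortigate"      # host MAC still in the source field
    if eth_src.lower() == FGT_MAC:
        return "from-fortigate"    # source MAC rewritten after inspection
    return "direct"                # hosts exchanged frames without the FortiGate

def uninspected(frames):
    """Inter-subnet frames that did not pass through the FortiGate."""
    return [f for f in frames if classify(f) == "direct"]

if __name__ == "__main__":
    for f in FRAMES:
        print(f"{classify(f):17} {f}")
```
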