| Description | This article explains the mac address behavior when the source server from the primary IP network reaches to destination server on a secondary IP network. |
| Scope | FortiGate. |
| Solution | 
FortiGate's physical interface has 2 IP networks:
Primary IP: 10.87.x.1/24 Secondary IP: 10.87.y.1/24
Source server from Site B with IP: 10.87.y.2 Destination server from Site A with IP 10.87.x.2
When the Site B server accesses to Site A server, the traffic will pass via the FortiGate.
When the packet reaching to FortiGate, the packet received from the incoming interface will forward out to the same interface after traffic inspection.
Site B server source mac address will be changed from xx:xx:xx:6f:1c:01 to xx:xx:xx:6f:2c:03.
When the Site A server replies, it will reply to FortiGate mac xx:xx:xx:6f:2c:03 instead to the Site B server even if they are connecting to the same switch.
 |
