Created on 08-26-2024 11:34 PM
Edited on 11-25-2025 05:30 AM
By Jean-Philippe_P
This article describes the case when the same MAC Address/Hostname is seen in forward logs for different end users in FortiGate.
FortiGate.
This usually happens when there is a Layer 3 device present between FortiGate and the end hosts. All traffic from the end hosts is routed through the Layer 3 device before it reaches the FortiGate.
When the traffic is inspected on FortiGate, it only sees the MAC address of the downstream Layer 3 device, whatever the source IP address. Hence, it records the same MAC address for all the hosts whose traffic is forwarded from the Layer 3 device.
This information will be visible in traffic forward logs:
Note: When the device detection feature is enabled at the interface level and all traffic is routed through a Layer 3 switch to FortiGate, the same hostname will also be shown in forward traffic logs. For more information on device detection, see this article: Technical Tip: Enable Device Detection to allow FortiOS.
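The following is an added example, not part of the original article or Fortinet's own tooling: a small Python script that groups forward traffic log lines by source MAC and reports any MAC seen with several source IPs, which is the pattern described above. It assumes key=value formatted logs with the fields `type`, `subtype`, `srcip`, `srcmac`, `srcname` and `srcintf`; the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiOS key=value style (not taken from the article).
SAMPLE_LOGS = """\
date=2024-08-26 time=10:00:01 type="traffic" subtype="forward" srcip=10.10.1.11 srcname="core-sw" srcmac="00:11:22:33:44:55" srcintf="port2" dstip=198.51.100.7
date=2024-08-26 time=10:00:02 type="traffic" subtype="forward" srcip=10.10.2.25 srcname="core-sw" srcmac="00:11:22:33:44:55" srcintf="port2" dstip=198.51.100.9
date=2024-08-26 time=10:00:03 type="traffic" subtype="forward" srcip=10.10.3.40 srcname="core-sw" srcmac="00:11:22:33:44:55" srcintf="port2" dstip=203.0.113.5
date=2024-08-26 time=10:00:04 type="traffic" subtype="forward" srcip=192.168.50.8 srcname="laptop-a" srcmac="66:77:88:99:aa:bb" srcintf="port3" dstip=203.0.113.5
date=2024-08-26 time=10:00:05 type="traffic" subtype="local" srcip=10.10.9.9 srcmac="00:11:22:33:44:55" srcintf="port2" dstip=10.10.0.1
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, dropping surrounding quotes."""
    return {key: value.strip('"') for key, value in KV.findall(line)}


def shared_macs(log_text, min_ips=2):
    """Return source MACs that appear with at least min_ips distinct source IPs."""
    seen = defaultdict(lambda: {"ips": set(), "names": set(), "intfs": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Only forward traffic logs are relevant to this article.
        if rec.get("type") != "traffic" or rec.get("subtype") != "forward":
            continue
        mac, ip = rec.get("srcmac"), rec.get("srcip")
        if not mac or not ip:
            continue
        entry = seen[mac.lower()]
        entry["ips"].add(ip)
        if rec.get("srcname"):
            entry["names"].add(rec["srcname"])
        if rec.get("srcintf"):
            entry["intfs"].add(rec["srcintf"])
    return {
        mac: {field: sorted(values) for field, values in entry.items()}
        for mac, entry in seen.items()
        if len(entry["ips"]) >= min_ips
    }


if __name__ == "__main__":
    for mac, info in shared_macs(SAMPLE_LOGS).items():
        print(f"{mac} on {info['intfs']}: {len(info['ips'])} source IPs, "
              f"hostname(s) {info['names']} -> likely a downstream Layer 3 device")
```

For any MAC the script reports, the `srcmac` and `srcname` values identify the Layer 3 device rather than the end host, so `srcip` is the field to use when attributing that traffic.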