Description

This article describes the Virtual MAC (VMAC) changes post major firmware version upgrade in HA cluster.

Scope

FortiGate.

Solution

To calculate VMAC, see this document.

While upgrading the major firmware versions in FortiGate like v7.0 to v7.2 or v7.2 to v7.4 or v7.4 to v7.6 it is possible to see the virtual MAC address change.

The following is the CLI output showing the current VMAC for firmware Major Version 7.0 with a VMAC address for the primary as 70:4c:a5:00:00:20.

Primary FortiGate before upgrade:

(global) # diagnose hardware deviceinfo nic port27
==========================================================================
Slot: 1 Module SN: FPC6KFT018902560
Description :FortiASIC NP6 Adapter
Driver Name :FortiASIC Unified NPU Driver
Name :np6_0
PCI Slot :0000:0a:00.0
irq :43
Board :FGT6000F
SN :FPC6KFT018902560
Major ID :29
Minor ID :0
.....
Current_HWaddr 70:4c:a5:00:00:20
Permanent_HWaddr d4:76:a0:30:de:30
(global) # show full | grep group-id
set group-id 30

After upgrading the FortiGate from major v7.0 to v7.2, the primary FortiGate changed VMAC as 70:4c:a5:01:40:00.

Primary FortiGate Unit After upgrade:

(global) # diagnose hardware deviceinfo nic port27
==========================================================================
Slot: 1 Module SN: FPC6KFT018902560
Description :FortiASIC NP6 Adapter
Driver Name :FortiASIC Unified NPU Driver
Name :np6_0
PCI Slot :0000:0a:00.0
irq :43
Board :FGT6000F
SN :FPC6KFT018902560
Major ID :29
Minor ID :0
......
Current_HWaddr 70:4c:a5:01:40:00
Permanent_HWaddr d4:76:a0:30:de:30
(global) # show full | grep group-id
set group-id 30

It is expected that VMAC will change after a major firmware version upgrade in an HA cluster.

Note:

Any version will encounter this behavior upon upgrading to or past these versions. Virtual MAC address assignment has been changed in v7.6.0. For best practices, see this related KB article: Technical Tip: HA Cluster virtual MAC addresses