Description
This article describes the Virtual MAC (VMAC) changes post major firmware version upgrade in HA cluster.
Scope
FortiGate.
Solution
To calculate VMAC, see this document.
While upgrading the major firmware versions in FortiGate like 5.4 to 5.6 or 5.6 to 6.0, it is possible to see the virtual MAC address change.
The following is the CLI output showing the current VMAC for firmware Major Version 5.4 with a VMAC address for the primary as 00:09:0f:09:00:16.
Primary FortiGate before upgrade:
Fortigate-100D-Primary # get sys status
Version: FortiGate-100D v5.4.10,build1220,180821 (GA)
Fortigate-100D-Primary # get hardware nic wan1
Driver_Name e1000e
Driver_Version 3.2.4.2-NAPI
MAC_Type 3
IRQ 16
System_Device_Name wan1
Current_HWaddr 00:09:0f:09:00:16
Permanent_HWaddr 00:09:0f:9d:5d:8e
Fortigate-100D-Primary (ha) # show full | grep group-id
set group-id 10
After upgrading the FortiGate from major version 5.4 to 5.6, the primary FortiGate changed VMAC as 00:09:0f:09:0a:16.
Primary FortiGate Unit After upgrade:
Fortigate-100D-Primary # get sys status
Version: FortiGate-100D v5.6.9,build1673,190513 (GA)
Fortigate-100D-Primary # get hardware nic wan1
Driver_Name e1000e
Driver_Version 3.2.4.2-NAPI
MAC_Type 3
IRQ 16
System_Device_Name wan1
Current_HWaddr 00:09:0f:09:0a:16
Permanent_HWaddr 00:09:0f:9d:5d:8e
Fortigate-100D-Primary (ha) # show full | grep group-id
set group-id 10
It is an expected behavior that VMAC will change after a major firmware version upgrade in an HA cluster.
Note: Virtual MAC address calculation has been once again changed in 6.0.2 GA and 6.2.0 GA. Any previous FortiOS version will encounter this behavior upon upgrading to or past these versions.
For best practices, see the related article below.
Related article: