FortiGate
nalexiou
Staff & Editor
Article Id 411380
Description This article describes a technical issue with FortiGate devices where the MAC address of the gateway is advertised behind its port, causing the MAC address to bounce between ports on a connected Cisco switch. The issue is specific to FortiGate devices running FortiOS version 7.2.x.
Scope FortiOS version 7.2.
Solution

To verify and resolve the issue, follow the steps below:

 

Verify that the interface is configured as a VLAN on a virtual hardware switch.

 

config system virtual-switch
    edit "internal"
        set physical-switch "sw0"
        set vlan 46
        config port
            edit "internal3"
            next
            edit "internal5"
            next
        end
    next
end

 

When the issue occurs on the Cisco switch, logs similar to the following will be generated:

 

Oct 13 13:42:05.656: %SW_MATM-4-MACFLAP_NOTIF: Host 06d5.9004.f89c in vlan 46 is flapping between port Gi0/1 and port Gi0/6
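To confirm which host MAC is flapping and between which ports across a collected switch log, the following added example (not part of the original article or any Fortinet or Cisco tooling) parses MACFLAP_NOTIF messages in the format shown above and groups them per MAC and VLAN. The function name, the `watch_macs` parameter and all sample lines except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Message format as shown in the article's Cisco log line.
MACFLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

# First line is from the article; the others are constructed sample input.
SAMPLE_LOG = [
    "Oct 13 13:42:05.656: %SW_MATM-4-MACFLAP_NOTIF: Host 06d5.9004.f89c in vlan 46 is flapping between port Gi0/1 and port Gi0/6",
    "Oct 13 13:42:21.102: %SW_MATM-4-MACFLAP_NOTIF: Host 06d5.9004.f89c in vlan 46 is flapping between port Gi0/6 and port Gi0/1",
    "Oct 13 13:43:00.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/9, changed state to up",
    "Oct 13 13:44:10.500: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi0/2 and port Gi0/3",
]

def _norm(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def summarize_macflaps(lines, watch_macs=()):
    """Group flap events by (mac, vlan).

    watch_macs (hypothetical parameter): MACs of interest, for example the
    FortiGate gateway MAC, so that its flaps are flagged in the result.
    """
    watched = {_norm(m) for m in watch_macs}
    events = defaultdict(lambda: {"count": 0, "ports": set()})
    for line in lines:
        m = MACFLAP_RE.search(line)
        if not m:
            continue  # unrelated syslog message
        key = (_norm(m["mac"]), int(m["vlan"]))
        events[key]["count"] += 1
        events[key]["ports"].update((m["a"], m["b"]))
    return {
        key: {"count": ev["count"], "ports": sorted(ev["ports"]),
              "watched": key[0] in watched}
        for key, ev in events.items()
    }

if __name__ == "__main__":
    for (mac, vlan), ev in summarize_macflaps(SAMPLE_LOG, ["06:d5:90:04:f8:9c"]).items():
        flag = " (watched)" if ev["watched"] else ""
        print(f"{mac} vlan {vlan}: {ev['count']} flaps on {', '.join(ev['ports'])}{flag}")
```
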

 

The issue is not present in FortiOS version 7.4.8 or later. An upgrade is required to avoid this issue.
