bainwave
New Contributor

Internal1 mac address creating IP Conflict

Hello All,

Got a Fortigate 80C unit. All of a sudden, my internal 1 port started sending IP conflicts to the machines in my network. I found this in the affected machines' event viewer. The event viewer throws a message stating that this IP is used by a machine with the xx xx xx xx xx MAC address. That MAC address belongs to the internal 1 port of the Fortinet firewall.

The following were tried on the affected machine:

1. Removed and reinstalled the LAN drivers twice
2. Changed the ports and cables as well
3. Finally formatted the machine and reinstalled the OS and drivers

Despite working on this for the last 2 days, we were not able to resolve the issue. I have servers in production. Your advice is highly appreciated. Thanks in advance.
Dave_Hall
Honored Contributor

How are the machines in your network assigned IP addresses? Through DHCP? Is port1 on the Fortigate configured with a static IP or is it assigned via DHCP as well? If DHCP is involved, it may be easier to just log into the DHCP server, locate the MAC address or IP address entry (in the pool of leased IPs) and delete it. Have the machine renew its IP address. If this is not possible then check the machine's NIC driver for a "soft hardware address" setting that you can change. (Alternatively, releasing/renewing the IP address on the machine about 20 times may also work.) If you are seeing multiple conflicting IP addresses on the network then look for a rogue DHCP server or computer running ICS.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

bainwave

Dave, once again thanks for the suggestion. My environment is running on static IPs and there is no chance for the users to change the IP address. Checked the environment for rogue DHCP servers but nothing found.
ede_pfau
Esteemed Contributor III

Is the conflicting IP address the interface address of 'internal1'? It might as well be
- (one of) the secondary IP address(es) of 'internal1'
- a VIP

Which host is the culprit - the FGT or the other host mentioned in the log entry? In other words, is the other host legitimately using the conflicting IP address?

For a quick scan of the FGT configuration, back up the config and open it in a text editor. Search for the conflicting IP address.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
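The config search suggested in the post above, as an added example that is not part of the thread: it walks a FortiGate config backup and reports interface addresses, secondary addresses and VIP external addresses that cover a given IP, including VIP ranges written as `A-B`, which a plain text search for the address would miss. The sample config is constructed, and `find_claims` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample backup; all names and addresses are made up.
SAMPLE_CONFIG = """\
config system interface
    edit "internal1"
        set ip 192.168.1.99 255.255.255.0
        config secondaryip
            edit 1
                set ip 192.168.1.20 255.255.255.0
            next
        end
    next
end
config firewall vip
    edit "web-range"
        set extip 192.168.1.40-192.168.1.60
        set extintf "internal1"
    next
end
"""

ADDR = r"(\d+\.\d+\.\d+\.\d+)"
# "set ip A MASK" on interfaces, "set extip A" or "set extip A-B" on VIPs.
SET_RE = re.compile(rf'set (ip|extip) "?{ADDR}(?:-{ADDR})?')


def find_claims(config_text, conflict_ip):
    """Return (line_no, context, setting) for each entry covering conflict_ip."""
    target = ipaddress.ip_address(conflict_ip)
    hits, ctx = [], []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(("config ", "edit ")):
            ctx.append(line.split(None, 1)[1].strip('"'))  # enter a block
        elif line in ("next", "end") and ctx:
            ctx.pop()                                       # leave it
        m = SET_RE.match(line)
        if not m:
            continue
        lo = ipaddress.ip_address(m.group(2))
        hi = ipaddress.ip_address(m.group(3)) if m.group(3) else lo
        if lo <= target <= hi:
            hits.append((no, " > ".join(ctx), line))
    return hits


if __name__ == "__main__":
    for hit in find_claims(SAMPLE_CONFIG, "192.168.1.45"):
        print(hit)
```

Each hit names the config block that owns the address, so a VIP or secondary IP that overlaps a host's static address can be found and corrected.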
bainwave
New Contributor

Oops, sorry for the delay in replying as I am not well. I checked the backup file as advised, but there is no reference to a duplicate IP. Need your expert advice. Thanks in advance.
ede_pfau
Esteemed Contributor III

Still I suspect that you have configured a VIP on the internal port of the FGT with a misfitting network mask. Could you please post the config for port 'internal'? As the internal address is not critical security-wise.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Dave_Hall
Honored Contributor

Just to summarize the problem: the computers in your network are assigned static IP addresses and more than 1 computer is receiving reports (in event viewer) that there is an IP conflict. The source MAC address of the IP conflict is that of the Fortigate Internal port? Almost sounds as if a firewall policy was configured from internal -> internal with NAT enabled. (If that is even possible.)

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

manish

This problem still exists. Is this a bug, or how is it?

bainwave
New Contributor

Team, thanks for the speedy response. Will check the configuration again. BTW, I enabled webproxy in the firewall for some users who are at a far location. The IP used for the webproxy is the same internal IP. Is that creating the issue? Just had the thought and am sharing it with you. Will upload the settings in a few hours. Once again, thanks.
Dave_Hall
Honored Contributor

"BTW, I enabled webproxy in the firewall for some users which are at a far location. The ip is using for webproxy is the same internal ip. Is that creating issue?"

What was this set up? How is those users' traffic getting routed to/from the Fortigate?

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
