Support Forum
wismail
New Contributor

CoreSwitch MACAddress everywhere

I have a core switch that acts as the gateway for all the users.

10.10.10.254 Gateway (core switch)

1. I am seeing traffic from the user IP but with the core switch MAC address.

2. I am seeing DNS queries from hosts with the core switch MAC address to a DNS address that is not configured on the host.

3. I am seeing the wrong IP address associated with this MAC (screenshot).

4. I cannot delete it in Devices (the delete option is dimmed).

How can I resolve this issue?

(screenshots: DNSTraffic.JPG, DNSSwitchMAC.JPG, wrongMACIP.JPG)

 

Wael Ismail
1 Solution
Anthony_E
Community Manager

Here is the answer from one of our engineers:

'The "core switch" is probably an L3 switch, meaning it replaces MAC addresses.
So any traffic from an end device to the FGT through the switch will arrive at the FGT with the switch MAC address.

There is nothing we can do; that's just what the FGT picks up on.

If you have device detection enabled on the FGT interface, then the FGT will create a device entry based on the switch MAC address.

To clear it, 'dia user device clear' removes all entries, 'dia user device list' lists the entries, and 'dia user device del <MAC address>' clears a single entry.'

Anthony-Fortinet Community Team.
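One way to triage what the FortiGate is reporting, as an added example that is not from the thread or from Fortinet: a Python script over a constructed frame list that separates source IPs arriving behind the known gateway MAC (routed by the L3 switch, so the MAC carries no host identity) from hosts that send with their own MAC, flags any other MAC that carries several IPs, and flags DNS queries to a resolver outside the expected set. The gateway MAC, the resolver list and every frame are assumed values, and the cleanup line uses the CLI the engineer quoted.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (not a real capture): frames as seen on the FortiGate LAN
# interface as (source MAC, source IP, destination IP, destination port).
# 10.10.10.254 is the core switch / gateway from the thread; every MAC below
# is a made-up placeholder.
GATEWAY_MAC = "00:11:22:33:44:55"          # assumed MAC of the core switch
EXPECTED_DNS = {"10.10.10.53"}             # assumed resolver configured on hosts

SAMPLE_FRAMES = [
    ("00:11:22:33:44:55", "10.10.20.15", "8.8.8.8", 443),     # routed by the switch
    ("00:11:22:33:44:55", "10.10.20.15", "10.10.10.53", 53),  # routed, expected resolver
    ("00:11:22:33:44:55", "10.10.30.7", "1.1.1.1", 53),       # routed, unexpected resolver
    ("aa:bb:cc:dd:ee:01", "10.10.10.21", "10.10.10.53", 53),  # host sending with its own MAC
    ("aa:bb:cc:dd:ee:02", "10.10.10.31", "8.8.8.8", 443),     # another MAC carrying two IPs
    ("aa:bb:cc:dd:ee:02", "10.10.10.32", "8.8.8.8", 443),
]

def triage(frames, gateway_mac=GATEWAY_MAC, expected_dns=EXPECTED_DNS):
    """Group source IPs by source MAC and explain which groups are expected.

    Traffic the L3 switch forwards arrives with the switch MAC, so that MAC is
    not a host identity; any other MAC that carries several IPs is worth a look.
    """
    ips_by_mac = defaultdict(set)
    dns_to_unexpected = set()
    for mac, src_ip, dst_ip, dst_port in frames:
        ipaddress.ip_address(src_ip)                     # reject malformed input early
        ips_by_mac[mac.lower()].add(src_ip)
        if dst_port == 53 and dst_ip not in expected_dns:
            dns_to_unexpected.add((src_ip, dst_ip))
    gw = gateway_mac.lower()
    routed = sorted(ips_by_mac.get(gw, set()))
    direct = {m: sorted(v) for m, v in ips_by_mac.items() if m != gw and len(v) == 1}
    investigate = {m: sorted(v) for m, v in ips_by_mac.items() if m != gw and len(v) > 1}
    return {
        "routed_via_gateway": routed,                 # identify these hosts by IP, not MAC
        "direct_hosts": direct,
        "multi_ip_macs": investigate,
        "dns_to_unexpected_resolver": sorted(dns_to_unexpected),
        # a device-detection entry keyed on the switch MAC carries no host identity;
        # the CLI quoted in the thread removes a single entry by MAC
        "cleanup_cli": [f"diagnose user device del {gw}"] if routed else [],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_FRAMES).items():
        print(f"{key}: {value}")
```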


8 REPLIES
Anthony_E
Community Manager

Hello Ismail,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello Ismail,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

 

Could you please indicate which unit you are using and under which version?

 

Thanks a lot in advance.

 

Regards,

Anthony-Fortinet Community Team.
wismail
New Contributor

F81 version 6.4.12

Wael Ismail
Anthony_E
Community Manager

Hello Ismail,

 

Thank you. I will indicate this information to find the best solution.

 

Regards,

Anthony-Fortinet Community Team.
wismail

So do you suggest changing the gateway for all the devices to the FortiGate instead of the switch, and converting the switch to L2?

Wael Ismail
Muhammad_Haiqal

Hi @wismail ,

This depends on your requirements. Which device will be the gateway?

Gateway on FortiGate - the FortiGate will handle the routing.

Gateway on CoreSwitch - the switch will handle the routing.

Layer 2 will not be involved in handling routing.

Gateway on FortiGate will be more secure, as any traffic passing from LAN/VLAN to LAN/VLAN can be inspected by the firewall.

If the gateway is terminated on the CoreSwitch, traffic from LAN to LAN does not pass through the FortiGate. It will be handled internally at the CoreSwitch level only.

haiqal