I have a core switch that acts as gateway for all the users.
10.10.10.254 Gateway (core switch)
1. I am seeing traffic from the user IP but with the core switch MAC address.
2. I am seeing DNS queries from a host with the core switch MAC address to a DNS address that is not configured on the host.
3. I am seeing the wrong IP address associated with this MAC (screenshot).
4. I cannot delete it in Devices (the delete option is dimmed).
How can I resolve this issue?
Hello Ismail,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello Ismail,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Hello,
Could you please indicate which unit you are using and under which version?
Thanks a lot in advance.
Regards,
F81 version 6.4.12
Hello Ismail,
Thank you. I will indicate this information to find the best solution.
Regards,
Here is the answer from one of our engineers:
'The "core switch" is probably an L3 switch, meaning it replaces MAC addresses.
So any traffic from end device to FGT through switch will arrive at FGT with switch MAC address.
There is nothing we can do, that's just what FGT picks up on.
If you have device detection enabled on FGT interface, then FGT will create a device entry based on switch MAC address.
To clear it, 'dia user device clear' removes all entries, 'dia user device list' lists the entries, and 'dia user device del <MAC address>' clears a single entry.'
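To illustrate the engineer's point, here is an added Python example (not from this thread or from Fortinet) that groups observed source IPs by source MAC: one MAC carrying many source IPs, especially off-subnet ones, is the signature of an L3 hop such as the core switch rather than of a single host, so device entries learned from that MAC are not meaningful. The gateway MAC and the sample observations are constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: (source IP, source MAC) pairs as the FortiGate would see
# them arriving on its LAN interface. The gateway MAC is an assumed value.
GATEWAY_IP = "10.10.10.254"
GATEWAY_MAC = "00:11:22:33:44:ff"   # assumed MAC of the core switch SVI
LAN = ip_network("10.10.10.0/24")    # subnet directly attached to the FortiGate

OBSERVED = [
    ("10.10.10.254", "00:11:22:33:44:ff"),  # the gateway itself
    ("10.10.20.15",  "00:11:22:33:44:ff"),  # routed user traffic, rewritten MAC
    ("10.10.20.16",  "00:11:22:33:44:ff"),
    ("10.10.30.7",   "00:11:22:33:44:ff"),
    ("10.10.10.50",  "aa:bb:cc:dd:ee:01"),  # directly attached host, own MAC
]


def classify(observed, gateway_mac, lan):
    """Group source IPs by MAC and label each MAC.

    routed-via-gateway: the known L3 gateway; IPs behind it are not hosts
                        on this segment, so a device entry for it is noise.
    unexpected-multi-ip: a non-gateway MAC sourcing several IPs or
                        off-subnet IPs; worth a closer look.
    local-host:         one MAC, one on-subnet IP, the normal case.
    """
    by_mac = defaultdict(set)
    for ip, mac in observed:
        by_mac[mac.lower()].add(ip)

    result = {}
    for mac, ips in by_mac.items():
        off_subnet = [ip for ip in ips if ip_address(ip) not in lan]
        if mac == gateway_mac.lower():
            label = "routed-via-gateway"
        elif len(ips) > 1 or off_subnet:
            label = "unexpected-multi-ip"
        else:
            label = "local-host"
        result[mac] = (label, sorted(ips))
    return result


def unreliable_device_macs(observed, gateway_mac, lan):
    """MACs whose FortiGate device entries describe a hop, not an endpoint."""
    return sorted(mac for mac, (label, _) in
                  classify(observed, gateway_mac, lan).items()
                  if label == "routed-via-gateway")
```

The MACs returned by unreliable_device_macs are the ones to pass to 'dia user device del <MAC address>' if the stale entries bother you; disabling device detection on that interface avoids recreating them.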
So do you suggest changing the Gateway for all the devices to the FortiGate instead of the Switch? and convert the switch to L2?
Hi @wismail ,
This depends on your requirements. Which device will be the gateway?
Gateway on Fortigate - Fortigate will handle the routing
Gateway on CoreSwitch - Switch will handle the routing
Layer 2 will not be involved in handling routing.
Gateway on the Fortigate will be more secure, as any traffic passing from LAN/VLAN to LAN/VLAN can be inspected by the firewall.
If the gateway is terminated on the CoreSwitch, traffic from LAN to LAN does not pass through the Fortigate. It will be handled internally at the CoreSwitch level only.
- But if we use the core switch to forward LAN traffic between users, it will have better performance.
- I used a Cisco firewall with the same model as above, but the Cisco firewall still received the device MAC address.
- On the Fortigate side, it seems that using FortiClient can solve the problem of seeing the MAC address and the user's domain user with your model.