Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ps48625
New Contributor

Duplicate MAC address on two firewall clusters

We have two pairs of Fortinet firewalls in HA mode, one pair in each of our two data centers. The firewalls are 600E's running 6.4.7GA.
We require each cluster to have an IP address on the same VLAN. One cluster has an IP of 10.1.3.1 and one cluster has an IP of 10.1.3.2.
(We are not running VRRP).
However we are finding that the two clusters both have the same mac address on their interfaces (see output from a switch)
10.1.3.2 0009-0f09-0005 20 D-0 XGE1/0/19
10.1.3.1 0009-0f09-0005 20 D-0 Eth-Trunk1
Could you let me know how I can resolve this issue? Having looked at various documents I believe that I need to set the HA "group ID" of one
of the clusters, as both of the clusters currently have a default id of zero. Am I right in thinking that I need to do the following?
(1) Attach to both HA firewalls in one of the data centers with a console cable
(2) run the commands as follows:
config system ha
set group-id 1
Please let me know if this is the correct solution and whether this will cause significant downtime.
Many thanks

Peter Shastri
Peter Shastri
4 REPLIES 4
sagha
Staff
Staff

Hi Peter, 

 

Please look into the following article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-A-conflict-HA-virtual-MAC-address-in-the-d...

 

Thank you. 

Shahan

ps48625
New Contributor

Many thanks Shahan that is just what I was looking for.

Peter Shastri
Peter Shastri
sagha
Staff
Staff

Hi Peter,  

 

Glad you found the answers you were looking for. 

 

Thanks, 

Shahan

LaWzssts
New Contributor

The mac address issue can be resolved by setting the HA "group ID" of one of the clusters. To do this, you will need to attach to both HA firewalls in one of the data centers with a console cable and run the following commands: config system ha set group-id 1. This will cause some downtime, but it should be minimal. If you have further problems, I would recommend working with experts in the IT domain that helped me to run and set up a big server for my node business. They are the most receptive guys.

Top Kudoed Authors