We have two pairs of Fortinet firewalls in HA mode, one pair in each of our two data centers. The firewalls are 600E's running 6.4.7GA.
We require each cluster to have an IP address on the same VLAN. One cluster has an IP of 10.1.3.1 and one cluster has an IP of 10.1.3.2.
(We are not running VRRP).
However we are finding that the two clusters both have the same mac address on their interfaces (see output from a switch)
10.1.3.2 0009-0f09-0005 20 D-0 XGE1/0/19
10.1.3.1 0009-0f09-0005 20 D-0 Eth-Trunk1
Could you let me know how I can resolve this issue? Having looked at various documents I believe that I need to set the HA "group ID" of one
of the clusters, as both of the clusters currently have a default id of zero. Am I right in thinking that I need to do the following?
(1) Attach to both HA firewalls in one of the data centers with a console cable
(2) run the commands as follows:
config system ha
set group-id 1
Please let me know if this is the correct solution and whether this will cause significant downtime.
Many thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Peter,
Please look into the following article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-A-conflict-HA-virtual-MAC-address-in-the-d...
Thank you.
Shahan
Many thanks Shahan that is just what I was looking for.
Hi Peter,
Glad you found the answers you were looking for.
Thanks,
Shahan
The mac address issue can be resolved by setting the HA "group ID" of one of the clusters. To do this, you will need to attach to both HA firewalls in one of the data centers with a console cable and run the following commands: config system ha set group-id 1. This will cause some downtime, but it should be minimal. If you have further problems, I would recommend working with experts in the IT domain that helped me to run and set up a big server for my node business. They are the most receptive guys.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.