EMAC Duplicate mac address on different firewalls

aguerriero · ‎07-25-2023

1500D 7.2.5.

I have two 1500Ds each with an EMAC interface on the same vlan.

What criteria is used to generate the EMAC mac address?

Is there a way to change the EMAC mac address or at least control how the address is assigned when the interface is created?

aguerriero · ‎07-25-2023

Changing the HA group-id, on the 3 firewall clusters that had default group 0, allowed for unique EMAC mac addresses.

View solution in original post

AlexC-FTNT · ‎07-25-2023

Not possible individually, but last example here may cover your requirement:
https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/212317/enhanced-mac-vlan

- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -

aguerriero · ‎07-25-2023

That didn't change the mac.

It looks like the format for the virtual mac device ID is derived in part from group-id in system ha.

00:09:0f:09:<GROUP-ID>:<SOME-OTHER-NUMBER>

Can this be verified by someone?

aguerriero · ‎07-25-2023

Changing the HA group-id, on the 3 firewall clusters that had default group 0, allowed for unique EMAC mac addresses.

AlexC-FTNT · ‎07-25-2023

Yes, when it comes to clusters, if the virtual mac is used, the cluster ID must be different. This is a requirement for all clusters in a network, but also all clusters added to same security fabric

- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -

EMAC Duplicate mac address on different firewalls

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website