Support Forum
MikePruett
Valued Contributor

Every time the FortiGate reboots, PCs think it is a new network

Am I the only one that has noticed this?

If the FortiGate reboots, all of the PCs that connect to it (whether directly through Wi-Fi or Ethernet) think that it is a new network on reconnect.

 

How do I fix this?

Mike Pruett Fortinet GURU | Fortinet Training Videos
MikePruett
Valued Contributor

No one has experienced this, or has any ideas? Happens on FortiWiFis too.

Mike Pruett Fortinet GURU | Fortinet Training Videos
Jeroen
Contributor

I had this problem. I think I solved it by configuring a domain name for the network, given by the DHCP option on the FortiGate unit.

Are you using the DHCP server on the FortiGate unit or a separate DHCP server like Windows Server or a Linux distro?

MikePruett
Valued Contributor

mail@jeroenmelis.nl wrote:

I had this problem. I think I solved it by configuring a domain name for the network, given by the DHCP option on the FortiGate unit.

Are you using the DHCP server on the FortiGate unit or a separate DHCP server like Windows Server or a Linux distro?

I am using the DHCP server built into the FortiGate.

Mike Pruett Fortinet GURU | Fortinet Training Videos
Dave_Hall
Honored Contributor

The only time I have heard about something like this happening is back in the old XP days with certain 3rd-party security software and/or 3rd-party firewalls installed.

Personally, I would treat this as a Network Location Awareness issue and troubleshoot accordingly. Unfortunately, I do not know enough about the actual process that Windows uses to detect a new network connection; the linked article just touches briefly on it (creating a GUID for the connection); see also this article on NLA. A Google search brings up some ESET/McAfee and other issues, with possible workarounds.

The closest forum post I have come across is this one (lots of comments) on what actually may be going on.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

MikePruett

Dave Hall wrote:

The only time I have heard about something like this happening is back in the old XP days with certain 3rd-party security software and/or 3rd-party firewalls installed.

Personally, I would treat this as a Network Location Awareness issue and troubleshoot accordingly. Unfortunately, I do not know enough about the actual process that Windows uses to detect a new network connection; the linked article just touches briefly on it (creating a GUID for the connection); see also this article on NLA. A Google search brings up some ESET/McAfee and other issues, with possible workarounds.

The closest forum post I have come across is this one (lots of comments) on what actually may be going on.

 

Yeah, it does this for all clients regardless of base Windows install, soft firewall (on or off), base Windows firewall, domain, domain configured on the FortiGate, pretty much all configurations. We deploy a good number of these things and this has always been something that kinda irked me about it. If a client directly connects to the FortiGate or FortiWiFi and the device (FortiGate) is rebooted, the network connection number increments, as such: increment-network.gif

The network is named Lermins. The FortiGate has been rebooted 15 times over the network's life (due to FW upgrades etc.).

Mike Pruett Fortinet GURU | Fortinet Training Videos
Agent_1994
Contributor

Hello Mike,

 

First: better late than never.

I found this post because I have the problem at home (FortiWiFi 60E); my network has a domain name and it still happens.

Thanks to Dave's mention of NLA I read about it and found that my FortiGate changes its "internal" MAC address every time I reboot. Moments ago it was 00-ff-29-7e-70-33, now it's 00-ff-d8-15-f2-83. If you take a look at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged, you'll see all those networks stacking up, and the only difference is the MAC address.

My "internal" interface is a switch that bridges another switch (the LAN ports) and the wireless network:

config system virtual-switch
    edit "lan"
        set physical-switch "sw0"
        set span disable
        config port
            edit "lan1"
                set speed auto
                set status up
                set alias ''
            next
            edit "lan2"
                set speed auto
                set status up
                set alias ''
            next
            edit "lan3"
                set speed auto
                set status up
                set alias ''
            next
            edit "lan4"
                set speed auto
                set status up
                set alias ''
            next
            edit "lan5"
                set speed auto
                set status up
                set alias ''
            next
        end
    next
end
config system switch-interface
    edit "internal"
        set vdom "root"
        set member "lan" "wifi hydra"
    next
end
config system interface
    edit "internal"
        set vdom "root"
        set ip 172.20.1.1 255.255.255.0
        set allowaccess ping https ssh capwap
        set type switch
        set device-identification enable
        set fortiheartbeat enable
        set role lan
        set snmp-index 7
    next
end

 HTH.

Agent_1994

 

Posting this workaround in case someone stumbles upon this problem: as you can see, I have a physical switch with the Ethernet ports, and then a switch interface that joins the former switch with the Wi-Fi SSID.

I found out that the FortiWiFi's internal interface took the MAC address from the Wi-Fi SSID, and that MAC was kinda random (I don't know how it's built).

The solution was to configure a fixed MAC address:

config system interface
    edit "wifi hydra"
        set vdom "root"
        set type vap-switch
        set role lan
        set snmp-index 11
        set macaddr 00:ff:9c:d3:3e:7f
    next
end

And voilà, no more "Dormammu, I found a new network" every time I reboot the FortiWiFi.

Tested on FortiWiFi 50E + FortiOS 6.0.3.

AlexFeren
New Contributor III

Agent_1994's solution worked for me when I was on 6.0.x; however, after upgrading to 6.4.x, it stopped.

Is there a new option to prevent the FortiGate from randomizing MAC addresses at boot?

 

Details:

FWF # show system interface wire_less_ssw
config system interface
    edit "wire_less_ssw"
        set vdom "root"
        set ip 192.168.1.2 255.255.255.0
        set allowaccess ping https ssh fabric
        set type switch
        set device-identification enable
        set role lan
        set snmp-index 8
    next
end

FWF # show system switch-interface wire_less_ssw
config system switch-interface
    edit "wire_less_ssw"
        set vdom "root"
        set member "internal" "wifi"
    next
end

FWF # show system interface internal
config system interface
    edit "internal"
        set vdom "root"
        set type hard-switch
        set stp enable
        set snmp-index 6
    next
end

FWF # show system virtual-switch internal
config system virtual-switch
    edit "internal"
        set physical-switch "sw0"
        config port
            edit "internal1"
            next
            edit "internal2"
            next
            edit "internal3"
            next
            edit "internal4"
            next
            edit "internal5"
            next
            edit "internal6"
            next
            edit "internal7"
            next
        end
    next
end

FWF # show system interface wifi
config system interface
    edit "wifi"
        set vdom "root"
        set type vap-switch
        set role lan
        set snmp-index 7
        set macaddr 00:88:01:01:01:01
    next
end

In 6.0.12:

FWF # diagnose netlink brctl name host wire_less_ssw
show bridge control interface wire_less_ssw host.
fdb: size=2048, used=9, num=9, depth=1, simple=switch
Bridge wire_less_ssw host table
port no  device  devname  mac addr           ttl  attributes
  2      21      wifi     00:88:01:01:01:01  0    Local Static

However, in 6.4.5:

FWF # diagnose netlink brctl name host wire_less_ssw
show bridge control interface wire_less_ssw host.
fdb: size=2048, used=14, num=14, depth=1, ageing-time=300, simple=switch
Bridge wire_less_ssw host table
port no  device  devname  mac addr           ttl  attributes
  2      22      wifi     00:ff:15:AA:BB:CC  0    Local Static

Client:

$ arp -a
Interface: 192.168.1.19 --- 0x3
  Internet Address      Physical Address      Type
  192.168.1.2           00-ff-15-AA-BB-CC     dynamic
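The two posts above describe the same check from both ends: on the FortiOS side, whether the vap-switch member of a switch-interface carries a fixed macaddr (Agent_1994's workaround), and on the Windows side, whether the gateway MAC the client sees actually changed across a reboot (which is what NLA keys on, and what AlexFeren's 6.4.5 output shows happening despite the fixed macaddr). The script below is an added example for this thread, not code from the forum posts or from Fortinet. It parses the plain `config / edit / set / next / end` text that `show` prints, as pasted in the thread, and a Windows `arp -a` table; `parse_fortios`, `audit_switch_members` and `gateway_mac` are hypothetical helper names, and the sample inputs are constructed from values quoted in the thread.

```python
"""Audit FortiOS switch-interface members for a fixed MAC, and detect a gateway
MAC change from a client's `arp -a` snapshots.

Added example (not Fortinet's code). Assumes the `show` output format pasted in
the thread; helper names are hypothetical; sample inputs are constructed.
"""
import re
import shlex
from typing import Dict, List, Optional

ConfigTables = Dict[str, Dict[str, Dict[str, List[str]]]]


def parse_fortios(text: str) -> ConfigTables:
    """Parse FortiOS CLI output into {table: {entry: {key: [values]}}}.

    Only first-level `config <table>` blocks are recorded; nested sub-tables
    (for example `config port` inside a virtual-switch) are skipped. Prompts,
    `show` commands and diagnose output are ignored because their first word
    is not a config keyword.
    """
    tables: ConfigTables = {}
    stack: List[str] = []                            # open config blocks
    current: Optional[Dict[str, List[str]]] = None   # depth-1 edit entry
    for raw in text.splitlines():
        try:
            words = shlex.split(raw)                 # honours "wifi hydra"
        except ValueError:                           # stray quote: free text
            continue
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd == "config":
            stack.append(" ".join(args))
            if len(stack) == 1:
                tables.setdefault(stack[0], {})
        elif cmd == "edit" and len(stack) == 1 and args:
            current = tables[stack[0]].setdefault(args[0], {})
        elif cmd == "set" and len(stack) == 1 and current is not None and args:
            current[args[0]] = args[1:]
        elif cmd == "next" and len(stack) == 1:
            current = None
        elif cmd == "end" and stack:
            stack.pop()
    return tables


def audit_switch_members(tables: ConfigTables) -> List[dict]:
    """For every switch-interface, report each vap-switch member and whether it
    has a fixed `macaddr`. A member without one is the case in the thread:
    the switch inherits the SSID's MAC, which changes across reboots."""
    ifaces = tables.get("system interface", {})
    findings = []
    for switch, cfg in tables.get("system switch-interface", {}).items():
        for member in cfg.get("member", []):
            m = ifaces.get(member, {})
            if (m.get("type") or [""])[0] != "vap-switch":
                continue
            mac = (m.get("macaddr") or [None])[0]
            findings.append({"switch": switch, "member": member,
                             "macaddr": mac, "fixed": mac is not None})
    return findings


# One row of Windows `arp -a`: "  192.168.1.2   00-ff-15-AA-BB-CC   dynamic"
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+\w+")


def gateway_mac(arp_output: str, gateway_ip: str) -> Optional[str]:
    """Return the MAC the client holds for the gateway, lowercased, or None.
    Comparing snapshots taken before and after a firewall reboot shows whether
    NLA will see a 'new' network regardless of what the config says."""
    for line in arp_output.splitlines():
        match = ARP_ROW.match(line)
        if match and match.group(1) == gateway_ip:
            return match.group(2).lower()
    return None


# Constructed sample: Agent_1994's layout before `set macaddr` was added.
SAMPLE_UNFIXED = """\
config system switch-interface
    edit "internal"
        set vdom "root"
        set member "lan" "wifi hydra"
    next
end
config system interface
    edit "internal"
        set type switch
    next
    edit "wifi hydra"
        set type vap-switch
    next
end
"""

# Constructed sample: AlexFeren's layout, member already pinned.
SAMPLE_FIXED = """\
FWF # show system switch-interface wire_less_ssw
config system switch-interface
    edit "wire_less_ssw"
        set member "internal" "wifi"
    next
end
config system interface
    edit "internal"
        set type hard-switch
    next
    edit "wifi"
        set type vap-switch
        set macaddr 00:88:01:01:01:01
    next
end
"""

# Constructed `arp -a` snapshots using the two MACs Agent_1994 observed.
ARP_BEFORE = ("Interface: 172.20.1.10 --- 0x3\n"
              "  Internet Address      Physical Address      Type\n"
              "  172.20.1.1            00-ff-29-7e-70-33     dynamic\n")
ARP_AFTER = ARP_BEFORE.replace("00-ff-29-7e-70-33", "00-ff-d8-15-f2-83")

if __name__ == "__main__":
    for finding in audit_switch_members(parse_fortios(SAMPLE_UNFIXED)):
        print(finding)
    before = gateway_mac(ARP_BEFORE, "172.20.1.1")
    after = gateway_mac(ARP_AFTER, "172.20.1.1")
    print("gateway MAC changed across reboot:", before != after)
```

The config audit catches the unpinned member on 6.0.x, where the thread reports `set macaddr` fixing the symptom; the `arp -a` comparison is the check that still tells the truth on 6.4.5, where the bridge shows a 00:ff: MAC even with macaddr set.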

AlexFeren
New Contributor III

Fixed in 6.4.6.
