Hello FG admins
Could there be any kind of problem if FortiGate in NAT mode sees the same MAC addresses through two independent interfaces?
This is not common at all but can happen when you have for some reason one host with one NIC connected to an L2 switch connected to 2 different interfaces on FG.
If those two ports are independent, they cannot have the same subnet. If the IP of the device/MAC matches on p1 side, the p2 side would ignore L2 frames with the MAC arrived at the port, because it's bound to p1 on the ARP table.
Toshi
Tested and confirmed. Thanks again Toshi.
So a single switch and a single FortiGate. Why would the firewall ever see two MACs on different ports then? Are there two downstream links to the single switch? If so why? Why aren't these in an aggregate interface instead?
Copyright 2024 Fortinet, Inc. All Rights Reserved.