rcpdkc
Contributor II

FortiGate MAC Address Problem

I have two firewalls, LAN and WAN. The LAN firewall has DHCP. The users on the LAN go to the internet through the WAN firewall. The logs from the LAN firewall to the WAN firewall show the user's MAC address. However, in the logs from the WAN firewall to the internet, the interface MAC address of the WAN firewall appears. Why does this happen?

dingjerry_FTNT

Hi @rcpdkc ,

 

Some questions:

 

1) What are the firmware versions on two FGT devices?

2) "Lan firewall has DHCP"

Do you mean that internal LAN users get IPs via DHCP server on the LAN FGT?

 

3) "The users on the LAN go to the internet through the wan firewall."

I believe that the traffic flow is going through the LAN FGT first, then through the WAN FGT, right?

 

4) "The logs from the lan firewall to the wan firewall show the user's mac address."

4.1) What are the logs? The Traffic logs or something else? 

4.2) Where are the logs? On the LAN FGT or the WAN FGT or both?

4.3) Can you attach the screenshot of the log and/or the RAW log?

Regards,

Jerry
rcpdkc

1. Both 7.0.15

2. Yes.

3. Yes, that's right.

4. Yes, correct.

4.1 Yes, traffic logs.

4.2 Both have traffic logs.

The user goes to the internet through the lan firewall and then through the wan firewall.

DPadula
Staff

Hi rcpdkc,

This is normal. MAC addresses are local to broadcast domains; they do not cross networks. Since a firewall is an L3-L7 device, the MAC addresses between subnets are 'replaced' by the MAC addresses of the interfaces on each subnet.

Do some searching on 'how broadcast domains work'. Fortinet documentation does not explain that, but if you search for CCNA material from Cisco you will find very good references.
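To make the point concrete, here is an added illustration (not from the thread or from Fortinet) that models the user's traffic crossing two routing firewalls and records the source MAC each device sees on ingress. All addresses are constructed, and NAT is deliberately ignored so that only the Layer 2 rewrite is visible.

```python
from dataclasses import dataclass, replace

# Constructed addresses for illustration only; none of these are from the thread.
USER_MAC, USER_IP = "aa:aa:aa:00:00:01", "192.168.10.50"
LAN_FGT_IN, LAN_FGT_OUT = "bb:bb:bb:00:00:01", "bb:bb:bb:00:00:02"
WAN_FGT_IN, WAN_FGT_OUT = "cc:cc:cc:00:00:01", "cc:cc:cc:00:00:02"
ISP_GW_MAC = "dd:dd:dd:00:00:01"
DST_IP = "203.0.113.10"


@dataclass(frozen=True)
class Frame:
    """An Ethernet frame carrying an IP packet (only the fields that matter here)."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str


def route(frame: Frame, egress_mac: str, next_hop_mac: str) -> Frame:
    """Forward a frame across a Layer 3 hop such as a routing firewall.

    The IP header is carried through unchanged (NAT is not modelled); the
    Ethernet header is discarded and rebuilt for the next broadcast domain,
    so the source MAC becomes the forwarding device's egress interface MAC.
    """
    return replace(frame, src_mac=egress_mac, dst_mac=next_hop_mac)


def log_entry(device: str, frame: Frame) -> dict:
    """Mimic a per-device traffic log: srcmac is whatever arrived on ingress."""
    return {"device": device, "srcmac": frame.src_mac,
            "srcip": frame.src_ip, "dstip": frame.dst_ip}


def trace_path() -> list:
    """User -> LAN firewall -> WAN firewall -> ISP; returns each device's log view."""
    logs = []
    f = Frame(USER_MAC, LAN_FGT_IN, USER_IP, DST_IP)   # user's frame on the LAN segment
    logs.append(log_entry("LAN-FGT", f))                # LAN FGT sees the real user MAC
    f = route(f, LAN_FGT_OUT, WAN_FGT_IN)               # LAN FGT rewrites L2 toward WAN FGT
    logs.append(log_entry("WAN-FGT", f))                # WAN FGT sees LAN FGT's egress MAC
    f = route(f, WAN_FGT_OUT, ISP_GW_MAC)               # WAN FGT rewrites L2 toward the ISP
    logs.append(log_entry("ISP", f))                    # ISP sees WAN FGT's egress MAC
    return logs


if __name__ == "__main__":
    for entry in trace_path():
        print(entry)
```

The source IP is identical in every entry while the source MAC changes at each hop, which is exactly the difference between the two firewalls' logs described above.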

dingjerry_FTNT

Ah, did @rcpdkc mean "pcap" for "logs"? 

Regards,

Jerry
rcpdkc

No. Fortigate firewall log.

dingjerry_FTNT

Hi @rcpdkc ,

 

As my colleague @DPadula explained, if your FGT is acting as an L3 device, it is expected to see the source MAC address replaced by the egress interface MAC.

 

If not, please provide screenshots to show us the issue.

Regards,

Jerry
rcpdkc

Both firewalls are FortiGate? Is there any way to synchronize this?

DPadula

What did you mean by synchronize it?
