I have two firewalls, lan and wan. Lan firewall has DHCP. The users on the LAN go to the internet through the wan firewall. The logs from the lan firewall to the wan firewall show the user's mac address. However, in the logs from the wan firewall to the internet, the interface mac address of the wan firewall appears. Why can this happen?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @rcpdkc ,
Some questions:
1) What are the firmware versions on two FGT devices?
2) "Lan firewall has DHCP"
Do you mean that internal LAN users get IPs via DHCP server on the LAN FGT?
3) "The users on the LAN go to the internet through the wan firewall."
I believe that the traffic flow is going through the LAN FGT first, then through the WAN FGT, right?
4) "The logs from the lan firewall to the wan firewall show the user's mac address."
4.1) What are the logs? The Traffic logs or something else?
4.2) Where are the logs? On the LAN FGT or the WAN FGT or both?
4.3) Can you attach the screenshot of the log and/or the RAW log?
Created on 12-15-2024 05:23 AM Edited on 12-15-2024 05:24 AM
1. Both 7.0.15
2. Yes.
3. Yes, that's right.
4 yes correct.
4.1 yes traffic logs.
4.2 both have traffic.
The user goes to the internet through the lan firewall and then through the wan firewall.
Hi rcpdkc,
This is normal, mac address are local to broadcast-domains, they do not cross networks. Once a Firewall is a L3-L7 device the mac address between subnets are 'replaced' by the mac address of the interfaces on each subnet.
Do some search on 'how broadcast domain works'. Fortinet documentation do not explain that but if you search for CCNA material from Cisco you will found very good references.
Ah, did @rcpdkc mean "pcap" for "logs"?
No. Fortigate firewall log.
Both firewalls are fortigate? Is there any way to synchronize this?
What did you mean by synchronize it?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.