Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BensonLEI
Contributor

Created on ‎10-22-2020 07:46 PM

Fortigate interfaces mac address changed

Hi guys, 

 

We have Forti400E HA pairs topology ( with FortiOS V6.4.2 ) in the production network, and intend to change the interface MAC add; do we need to change the same mac add for both devices at the same time, or just change the MAC add in primary/master Forti400E ( it will synch the mac add to the secondary/slave Forti400E ) ?

 

Thanks so much for your advice

 

 

23853
0 Kudos
3 Solutions
MarMar
New Contributor II

Created on ‎10-23-2020 05:32 AM

Hi,

 

Every FortiGate physical interface has two MAC addresses: the current hardware address and the permanent hardware address. The permanent hardware address cannot be changed, it is the actual MAC address of the interface hardware. The current hardware address can be changed.

 

For an operating cluster, the current hardware address of each cluster unit interface is changed to the HA virtual MAC address by the FGCP. The macaddr option is not available for a functioning cluster. You cannot change an interface MAC address and you cannot view MAC addresses from the system interface CLI command.

 

MarMar

View solution in original post

20517
0 Kudos
boneyard
Valued Contributor

Created on ‎10-23-2020 06:53 AM

how are you going to change the MAC address?

 

if this is based on the group-id in the ha settings i believe this needs to be done on both units.

 

if in another way please share how.

View solution in original post

20517
0 Kudos
MarMar
New Contributor II
In response to BensonLEI

Created on ‎10-27-2020 02:11 AM

Hi BensonLEI,

 

what you say is true if you are not talking about HA Cluster. In this case the FGCP (Fortigate Cluster Protocol) manages the current addresses and it is no longer possible to set them manually.

In this part of the documentation it is a bit clearer.

 

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/996579/cluster-virtual-mac-addresses

 

MarMar

View solution in original post

20517
0 Kudos
8 REPLIES 8
MarMar
New Contributor II

Created on ‎10-23-2020 05:32 AM

Hi,

 

Every FortiGate physical interface has two MAC addresses: the current hardware address and the permanent hardware address. The permanent hardware address cannot be changed, it is the actual MAC address of the interface hardware. The current hardware address can be changed.

 

For an operating cluster, the current hardware address of each cluster unit interface is changed to the HA virtual MAC address by the FGCP. The macaddr option is not available for a functioning cluster. You cannot change an interface MAC address and you cannot view MAC addresses from the system interface CLI command.

 

MarMar

20518
0 Kudos
BensonLEI
Contributor
In response to MarMar

Created on ‎10-26-2020 07:18 PM

Hi, MARMAR,

 

Thanks so much for your information.

 

Based on my finding, two mac addr are defined for a fortigate interface ( current and perm. mac add), as you state.

 

But the current mac add can be viewed and changed:

 

https://kb.fortinet.com/kb/documentLink.do?externalID=FD30888.

 

 

Cheers

 

 

 

 

20447
0 Kudos
MarMar
New Contributor II
In response to BensonLEI

Created on ‎10-27-2020 02:11 AM

Hi BensonLEI,

 

what you say is true if you are not talking about HA Cluster. In this case the FGCP (Fortigate Cluster Protocol) manages the current addresses and it is no longer possible to set them manually.

In this part of the documentation it is a bit clearer.

 

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/996579/cluster-virtual-mac-addresses

 

MarMar

20518
0 Kudos
BensonLEI
Contributor
In response to MarMar

Created on ‎10-27-2020 03:22 AM

Hi, MARMAR,

 

Thanks so much for your information, now I understand.

I am running the Fortigate HA pair,  can I change the Cluster-ID for the different virtual mac add ( any device reboot if the mac add is changed) ? 

 

Cheers

20447
0 Kudos
boneyard
Valued Contributor
In response to BensonLEI

Created on ‎10-31-2020 11:25 AM

BensonLEI wrote:

I am running the Fortigate HA pair,  can I change the Cluster-ID for the different virtual mac add ( any device reboot if the mac add is changed) ? 

yes you can change cluster-id and it will change the virtual MAC, that happens directly after the change.

20446
0 Kudos
BensonLEI
Contributor
In response to boneyard

Created on ‎11-05-2020 01:47 AM

Correct, thx a lot

20446
0 Kudos
boneyard
Valued Contributor

Created on ‎10-23-2020 06:53 AM

how are you going to change the MAC address?

 

if this is based on the group-id in the ha settings i believe this needs to be done on both units.

 

if in another way please share how.

20518
0 Kudos
BensonLEI
Contributor
In response to boneyard

Created on ‎10-27-2020 03:23 AM

Hi, Boneyard,

 

Great help.

 

Cheers

 

20446
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.