Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BensonLEI
Contributor

Fortigate interfaces mac address changed

Hi guys, 

 

We have Forti400E HA pairs topology ( with FortiOS V6.4.2 ) in the production network, and intend to change the interface MAC add; do we need to change the same mac add for both devices at the same time, or just change the MAC add in primary/master Forti400E ( it will synch the mac add to the secondary/slave Forti400E ) ?

 

Thanks so much for your advice

 

 

3 Solutions
MarMar
New Contributor II

Hi,

 

Every FortiGate physical interface has two MAC addresses: the current hardware address and the permanent hardware address. The permanent hardware address cannot be changed, it is the actual MAC address of the interface hardware. The current hardware address can be changed.

 

For an operating cluster, the current hardware address of each cluster unit interface is changed to the HA virtual MAC address by the FGCP. The macaddr option is not available for a functioning cluster. You cannot change an interface MAC address and you cannot view MAC addresses from the system interface CLI command.

 

MarMar

View solution in original post

boneyard
Valued Contributor

how are you going to change the MAC address?

 

if this is based on the group-id in the ha settings i believe this needs to be done on both units.

 

if in another way please share how.

View solution in original post

MarMar
New Contributor II

Hi BensonLEI,

 

what you say is true if you are not talking about HA Cluster. In this case the FGCP (Fortigate Cluster Protocol) manages the current addresses and it is no longer possible to set them manually.

In this part of the documentation it is a bit clearer.

 

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/996579/cluster-virtual-mac-addresses

 

MarMar

View solution in original post

8 REPLIES 8
MarMar
New Contributor II

Hi,

 

Every FortiGate physical interface has two MAC addresses: the current hardware address and the permanent hardware address. The permanent hardware address cannot be changed, it is the actual MAC address of the interface hardware. The current hardware address can be changed.

 

For an operating cluster, the current hardware address of each cluster unit interface is changed to the HA virtual MAC address by the FGCP. The macaddr option is not available for a functioning cluster. You cannot change an interface MAC address and you cannot view MAC addresses from the system interface CLI command.

 

MarMar

BensonLEI

Hi, MARMAR,

 

Thanks so much for your information.

 

Based on my finding, two mac addr are defined for a fortigate interface ( current and perm. mac add), as you state.

 

But the current mac add can be viewed and changed:

 

https://kb.fortinet.com/kb/documentLink.do?externalID=FD30888.

 

 

Cheers

 

 

 

 

MarMar
New Contributor II

Hi BensonLEI,

 

what you say is true if you are not talking about HA Cluster. In this case the FGCP (Fortigate Cluster Protocol) manages the current addresses and it is no longer possible to set them manually.

In this part of the documentation it is a bit clearer.

 

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/996579/cluster-virtual-mac-addresses

 

MarMar

BensonLEI

Hi, MARMAR,

 

Thanks so much for your information, now I understand.

I am running the Fortigate HA pair,  can I change the Cluster-ID for the different virtual mac add ( any device reboot if the mac add is changed) ? 

 

Cheers

boneyard
Valued Contributor

BensonLEI wrote:

I am running the Fortigate HA pair,  can I change the Cluster-ID for the different virtual mac add ( any device reboot if the mac add is changed) ? 

yes you can change cluster-id and it will change the virtual MAC, that happens directly after the change.

BensonLEI

Correct, thx a lot

boneyard
Valued Contributor

how are you going to change the MAC address?

 

if this is based on the group-id in the ha settings i believe this needs to be done on both units.

 

if in another way please share how.

BensonLEI

Hi, Boneyard,

 

Great help.

 

Cheers

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors