Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rcpdkc
Contributor II

Fortinac-F Multiple Host Problem

I have this problem with Fortinac. I have a port and computer A is plugged into this port. When computer B is plugged into the same port, both computer A and B appear under the port even though computer A is not plugged in. Even though I deleted computer A, it is still under the port. The device is quarantined because there is more than one device. Fortiswitch can be used.

1 Solution
ebilcari

Try to change the mac-retention-period 0 as shown here.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

8 REPLIES 8
ebilcari
Staff
Staff

This seem like an issue with the switch MAC table information, L2 polling or SNMP traps not properly configured. Is this FortiSwitch managed by a FortiGate or is in standalone mode?

If the MAC address is still reported by the switch, FortiNAC will not remove the host from the port.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
rcpdkc

It's run by a fortigate.

ebilcari

Please refer to the troubleshooting section of the integration guide and verify if FNAC can successfully L2 poll the FGT (API/HTTPS access needed) and at least one notification method is configured, through syslog or SNMP MAC traps.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
rcpdkc

On Fortigate, both A and B devices appear on the port. However, when I look at the switch mac table, only a appears. Why is the port information not transferred properly over fortilink?

ebilcari

This seems like a compatibility issue between the FGT and FSW, kindly check the FortiLink compatibility matrix and choose the combination with 'R' if it's possible.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
ebilcari

Try to change the mac-retention-period 0 as shown here.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
rcpdkc

Hello. This command solved my problem. Thank you for this.

ebilcari

Thank you for confirming, glad I could help!

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors