Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortiview-does not correctly identify macaddres/soucedevice, shows all with mac from core

Hello guys, I have a FG 200D, version 5.6.2, it and my servers are in the same vlan 0. The other machines in sectors are in their vlans 1,2,3,4 ...


When I use Fortiview, it shows the IP but does not correctly identify the mac. I see you're bringing in the mac of the switch core that does the routing of the network.






Is there any configuration that can be made to work correctly, without having to take the routing of the switch core to play on top of the FG?




What if you run get sys arp on the cli? Would it show the mac addresses there correctly?

NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3


To see the MAC and proper device identification the devices need to be 'directly' connected to the FortiGate. If your switch is doing routing then the FGT will only see the switches MAC address.


Ideally you would replace the switch with a FortiSwitch to get full visibility on your network and allow much greater centralised control of those devices.


Alternatively you could install FortiClient on the servers and have them register to the the FortiGate to get the correct information.




With FortiSwitch it would be possible, but does not the conventional switches have any configuration that allows this?


Thanks for the feedback




I run the command, several macs from my network 0, because that's where I have FG and Servers. The macs of machines of other vlans do not appear, only a line that is of the switch core that does the routing.        0          74:a2:e6:3a:9d:d1 lan

Top Kudoed Authors