Hi guys,
In the office:
1. a Ftg60E (NAT mode) with FortiOS v6.0.4,
2. The Ftg LAN interface is 10.11.1.1 /24 (with secondary IP = 10.10.1.1 /24)
3. LAN network is a flat topology (simple, with some hubs/layer 2 switches)
On the Ftg60E, I cannot find the full ARP table of network hosts (workstations and devices), but the full ARP table can be found on my workstation, for example in the following tables:
ARP table in Ftg60E :
-----------------------
F60Mgt1-# get sys arp
Address           Age(min)   Hardware Addr       Interface
10.11.1.3         0          00:0c:29:43:cf:9c   lan
10.11.1.31        1          00:11:32:67:12:49   lan
61.61.61.254      0          55:66:77:5c:c8:99   wan2
10.11.1.220       5          00:0c:29:e6:fc:8f   lan
10.11.1.219       5          b0:c5:54:59:40:95   lan
10.11.1.214       14         b0:c5:54:58:98:2b   lan
10.11.1.213       4          78:a5:dd:0f:5b:b8   lan
10.11.1.212       0          78:a5:dd:0f:5b:b8   lan
10.11.1.211       1          b0:c5:54:58:99:e1   lan
10.11.1.97        0          40:8d:5c:39:06:ff   lan
10.10.1.177       0          e0:d5:5e:35:b1:e9   lan
10.11.1.96        0          40:8d:5c:39:05:00   lan
10.11.1.10        1          00:0c:29:8b:ae:1d   lan
10.10.1.33        1          14:18:77:32:de:f6   lan
58.58.58.254      0          55:66:77:5c:c8:88   wan1
10.10.1.31        1          44:39:c4:94:a4:3a   lan
10.10.1.2         0          00:0c:29:76:c3:59   lan
F60Mgt1-#
ARP table in my workstation :
----------------------------------
C:\Users>arp -a
Interface: 192.168.92.1 --- 0x7
  Internet Address      Physical Address      Type
  192.168.92.254        00-50-56-f8-ae-20     dynamic
  192.168.92.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.2             01-00-5e-00-00-02     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.2.2           01-00-5e-7f-02-02     static
  239.255.102.18        01-00-5e-7f-66-12     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static

Interface: 10.10.1.177 --- 0xc
  Internet Address      Physical Address      Type
  10.10.1.1             00-ff-3d-40-01-2c     dynamic
  10.10.1.2             00-0c-29-76-c3-59     dynamic
  10.10.1.3             00-0c-29-43-cf-92     dynamic
  10.10.1.10            00-0c-29-8b-ae-27     dynamic
  10.10.1.83            00-0c-29-05-13-05     dynamic
  10.10.1.86            00-0c-29-89-74-68     dynamic
  10.10.1.101           08-62-66-27-9c-44     dynamic
  10.10.1.112           08-62-66-29-ac-c9     dynamic
  10.10.1.127           d0-67-e5-2b-41-a6     dynamic
  10.10.1.142           00-09-0f-09-00-06     dynamic
  10.10.1.176           e0-d5-5e-3f-64-b8     dynamic
  10.10.1.190           70-b5-e8-28-e3-6c     dynamic
  10.10.1.200           ac-9e-17-4b-c0-ee     dynamic
  10.10.1.203           e0-d5-5e-3f-69-c1     dynamic
  10.10.1.255           ff-ff-ff-ff-ff-ff     static
  10.11.1.1             00-ff-3d-40-01-2c     dynamic
  10.11.1.3             00-0c-29-43-cf-9c     dynamic
  10.11.1.21            ac-a8-8e-0e-9c-25     dynamic
  10.11.1.31            00-11-32-67-12-49     dynamic
  10.11.1.96            40-8d-5c-39-05-00     dynamic
  10.11.1.97            40-8d-5c-39-06-ff     dynamic
  10.11.1.98            fc-aa-14-eb-26-9b     dynamic
  10.11.1.112           08-62-66-29-ac-c9     dynamic
  10.11.1.190           70-b5-e8-28-e3-6c     dynamic
  10.11.1.200           60-79-4f-cf-bb-6e     dynamic
  10.11.1.203           98-de-d0-03-d9-19     dynamic
  10.11.1.212           12-cd-82-e4-61-91     dynamic
  10.11.1.214           b0-c5-54-58-98-2b     dynamic
  10.11.1.215           08-62-66-29-ac-c9     dynamic
  10.11.1.219           b0-c5-54-59-40-95     dynamic
  224.0.0.2             01-00-5e-00-00-02     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.2.2           01-00-5e-7f-02-02     static
  239.255.102.18        01-00-5e-7f-66-12     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
The following ARP entries are not found in the Ftg60E, but are found in my workstation
(no matter whether my workstation is configured with the 10.10.1.x or the 10.11.1.x subnet)
---------------------------------------------------------------------------------------------
  10.10.1.3             00-0c-29-43-cf-92     dynamic
  10.10.1.10            00-0c-29-8b-ae-27     dynamic
  10.10.1.83            00-0c-29-05-13-05     dynamic
  10.10.1.86            00-0c-29-89-74-68     dynamic
  10.10.1.101           08-62-66-27-9c-44     dynamic
  10.10.1.112           08-62-66-29-ac-c9     dynamic
  10.10.1.127           d0-67-e5-2b-41-a6     dynamic
  10.10.1.142           00-09-0f-09-00-06     dynamic
  10.10.1.176           e0-d5-5e-3f-64-b8     dynamic
  10.10.1.190           70-b5-e8-28-e3-6c     dynamic
  10.10.1.200           ac-9e-17-4b-c0-ee     dynamic
  10.10.1.203           e0-d5-5e-3f-69-c1     dynamic
Is there any problem in the Ftg60E, and any advice?
Thanks a lot.
Are the missing endpoints communicating with the Internet (or other networks through the FortiGate) or do they just do local traffic normally? I suspect the latter, and this would be completely normal behavior if you understand ARP's purpose.
The other thing is aging time... even if they do communicate through the FortiGate sometimes, if they don't send traffic for 5 minutes they'll most likely be dropped from that table: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/952549/arp-traffic
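The comparison the original post did by hand (which neighbours the workstation has resolved that the FortiGate has not) is easy to get wrong by eye because FortiOS prints MACs with colons and Windows with hyphens. As an added example, not code from this thread or from Fortinet, the Python script below parses both formats as shown above, normalises the MACs, lists the entries missing from the FortiGate, flags any IP the two observers map to different MACs (a stale or conflicting entry worth a second look), and prints the FortiGate's Age(min) column so entries near the aging limit the reply refers to stand out. The two sample tables are constructed excerpts in the same layout as the thread's output; the set of the FortiGate's own addresses (10.11.1.1 and 10.10.1.1) is taken from the post and is an assumption about which entries to exclude.

```python
"""Compare a FortiGate `get sys arp` table with a Windows `arp -a` table.

Added example, not code from the thread or from Fortinet. It parses the two
formats shown in the thread, normalises MAC addresses (FortiOS uses colons,
Windows uses hyphens), and reports which neighbours the workstation has
resolved that the FortiGate has not, plus any IP the two observers map to
different MACs. The sample tables below are constructed excerpts.
"""
import re
from ipaddress import ip_address

# Constructed excerpt in FortiOS `get sys arp` layout. The 10.10.1.83 line is
# deliberately given a MAC that differs from the workstation's view so the
# mismatch check below has something to report.
FORTIGATE_ARP = """\
Address           Age(min)   Hardware Addr      Interface
10.11.1.3         0          00:0c:29:43:cf:9c  lan
10.11.1.31        1          00:11:32:67:12:49  lan
61.61.61.254      0          55:66:77:5c:c8:99  wan2
10.10.1.83        3          00:0c:29:05:13:06  lan
10.10.1.177       0          e0:d5:5e:35:b1:e9  lan
10.10.1.2         0          00:0c:29:76:c3:59  lan
"""

# Constructed excerpt in Windows `arp -a` layout for one interface.
WINDOWS_ARP = """\
Interface: 10.10.1.177 --- 0xc
  Internet Address      Physical Address      Type
  10.10.1.1             00-ff-3d-40-01-2c     dynamic
  10.10.1.2             00-0c-29-76-c3-59     dynamic
  10.10.1.3             00-0c-29-43-cf-92     dynamic
  10.10.1.83            00-0c-29-05-13-05     dynamic
  10.10.1.255           ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  10.11.1.3             00-0c-29-43-cf-9c     dynamic
"""

FGT_LINE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+([0-9a-fA-F:]{17})\s+(\S+)")
WIN_LINE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F-]{17})\s+(dynamic|static)")


def norm_mac(mac):
    """Canonical lower-case, colon-separated form so both tables compare equal."""
    return mac.lower().replace("-", ":")


def parse_fortigate_arp(text):
    """Return {ip: {"mac", "age_min", "iface"}} from `get sys arp` output."""
    table = {}
    for line in text.splitlines():
        m = FGT_LINE.match(line)
        if m:
            ip, age, mac, iface = m.groups()
            table[ip] = {"mac": norm_mac(mac), "age_min": int(age), "iface": iface}
    return table


def parse_windows_arp(text):
    """Return {ip: mac} for dynamic unicast entries of `arp -a` output.

    Static entries (broadcast and multicast on Windows) are skipped: a router
    never learns those via ARP, so they would only add noise to the diff.
    """
    table = {}
    for line in text.splitlines():
        m = WIN_LINE.match(line)
        if not m or m.group(3) != "dynamic":
            continue
        ip, mac = m.group(1), m.group(2)
        if ip_address(ip).is_multicast:
            continue
        table[ip] = norm_mac(mac)
    return table


def missing_from_fortigate(fgt, win, exclude=()):
    """IPs the workstation resolved that the FortiGate table lacks, sorted by address.

    `exclude` holds the FortiGate's own interface addresses: a host keeps an ARP
    entry for its gateway, but the gateway never ARPs for itself.
    """
    missing = [ip for ip in win if ip not in fgt and ip not in exclude]
    return sorted(missing, key=ip_address)


def mac_mismatches(fgt, win):
    """(ip, fortigate_mac, workstation_mac) for IPs both tables hold with different MACs."""
    return sorted(
        (ip, fgt[ip]["mac"], win[ip]) for ip in win if ip in fgt and fgt[ip]["mac"] != win[ip]
    )


if __name__ == "__main__":
    fgt = parse_fortigate_arp(FORTIGATE_ARP)
    win = parse_windows_arp(WINDOWS_ARP)
    # The FortiGate's LAN primary and secondary addresses from the thread (assumption).
    own = {"10.11.1.1", "10.10.1.1"}
    print("Seen by workstation, absent on FortiGate:", missing_from_fortigate(fgt, win, own))
    print("Same IP, different MAC:", mac_mismatches(fgt, win))
    for ip, e in sorted(fgt.items(), key=lambda kv: ip_address(kv[0])):
        print(f"{ip:<16} age {e['age_min']:>2} min on {e['iface']}")
```

To use it on real output, paste the full `get sys arp` and `arp -a` text into the two constants (or read them from files); an IP that appears in the missing list with a low Age on the FortiGate after you ping it from the FortiGate confirms the aging explanation rather than a fault.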
Hi
Maybe the ARP maintenance mechanisms of workstations and the FGT are different. In order to quickly reclaim ARP entries, the FGT deletes ARP entries as soon as possible when there is no session/traffic, to save memory resources.
You can ping the destination host through the FGT, and then check the ARP entry of this host. As long as there is a host that generates traffic, it must be in the ARP table of the FGT.
Thank you.
Thanks
Kangming