BensonLEI
Contributor

Hosts mac addr are not fully shown in FTG 60E ?

Hi, guys,

 

In office,

1. a Ftg60E (NAT mode) with FortiOS v6.0.4,

2. The Ftg LAN interface is 10.11.1.1 /24 ( with secondary IP = 10.10.1.1 /24)

3. LAN network is a flat topology ( simple with some hub/layer 2 switches ) 

 

In the Ftg60E, I cannot find the full ARP table of network hosts (workstations and devices), but the full ARP table can be found on my workstation, for example in the following tables:

 

ARP table in Ftg60E :

-----------------------

F60Mgt1-# get sys arp
Address           Age(min)   Hardware Addr      Interface
10.11.1.3         0          00:0c:29:43:cf:9c  lan
10.11.1.31        1          00:11:32:67:12:49  lan
61.61.61.254      0          55:66:77:5c:c8:99  wan2
10.11.1.220       5          00:0c:29:e6:fc:8f  lan
10.11.1.219       5          b0:c5:54:59:40:95  lan
10.11.1.214       14         b0:c5:54:58:98:2b  lan
10.11.1.213       4          78:a5:dd:0f:5b:b8  lan
10.11.1.212       0          78:a5:dd:0f:5b:b8  lan
10.11.1.211       1          b0:c5:54:58:99:e1  lan
10.11.1.97        0          40:8d:5c:39:06:ff  lan
10.10.1.177       0          e0:d5:5e:35:b1:e9  lan
10.11.1.96        0          40:8d:5c:39:05:00  lan
10.11.1.10        1          00:0c:29:8b:ae:1d  lan
10.10.1.33        1          14:18:77:32:de:f6  lan
58.58.58.254      0          55:66:77:5c:c8:88  wan1
10.10.1.31        1          44:39:c4:94:a4:3a  lan
10.10.1.2         0          00:0c:29:76:c3:59  lan

F60Mgt1-#

 

 

ARP table in my workstation :

----------------------------------

C:\Users>arp -a

Interface: 192.168.92.1 --- 0x7
  Internet Address      Physical Address      Type
  192.168.92.254        00-50-56-f8-ae-20     dynamic
  192.168.92.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.2             01-00-5e-00-00-02     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.2.2           01-00-5e-7f-02-02     static
  239.255.102.18        01-00-5e-7f-66-12     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static

 

Interface: 10.10.1.177 --- 0xc
  Internet Address      Physical Address      Type
  10.10.1.1             00-ff-3d-40-01-2c     dynamic
  10.10.1.2             00-0c-29-76-c3-59     dynamic
  10.10.1.3             00-0c-29-43-cf-92     dynamic
  10.10.1.10            00-0c-29-8b-ae-27     dynamic
  10.10.1.83            00-0c-29-05-13-05     dynamic
  10.10.1.86            00-0c-29-89-74-68     dynamic
  10.10.1.101           08-62-66-27-9c-44     dynamic
  10.10.1.112           08-62-66-29-ac-c9     dynamic
  10.10.1.127           d0-67-e5-2b-41-a6     dynamic
  10.10.1.142           00-09-0f-09-00-06     dynamic
  10.10.1.176           e0-d5-5e-3f-64-b8     dynamic
  10.10.1.190           70-b5-e8-28-e3-6c     dynamic
  10.10.1.200           ac-9e-17-4b-c0-ee     dynamic
  10.10.1.203           e0-d5-5e-3f-69-c1     dynamic
  10.10.1.255           ff-ff-ff-ff-ff-ff     static
  10.11.1.1             00-ff-3d-40-01-2c     dynamic
  10.11.1.3             00-0c-29-43-cf-9c     dynamic
  10.11.1.21            ac-a8-8e-0e-9c-25     dynamic
  10.11.1.31            00-11-32-67-12-49     dynamic
  10.11.1.96            40-8d-5c-39-05-00     dynamic
  10.11.1.97            40-8d-5c-39-06-ff     dynamic
  10.11.1.98            fc-aa-14-eb-26-9b     dynamic
  10.11.1.112           08-62-66-29-ac-c9     dynamic
  10.11.1.190           70-b5-e8-28-e3-6c     dynamic
  10.11.1.200           60-79-4f-cf-bb-6e     dynamic
  10.11.1.203           98-de-d0-03-d9-19     dynamic
  10.11.1.212           12-cd-82-e4-61-91     dynamic
  10.11.1.214           b0-c5-54-58-98-2b     dynamic
  10.11.1.215           08-62-66-29-ac-c9     dynamic
  10.11.1.219           b0-c5-54-59-40-95     dynamic
  224.0.0.2             01-00-5e-00-00-02     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.2.2           01-00-5e-7f-02-02     static
  239.255.102.18        01-00-5e-7f-66-12     static
  239.255.255.250       01-00-5e-7f-ff-fa     static

 

 

The following ARP tables are not found in Ftg60E, but found in my workstation

( no matter my workstation configured with the subnet - 10.10.1.x or 10.11.1.x )

---------------------------------------------------------------------------------------------

  10.10.1.3             00-0c-29-43-cf-92     dynamic
  10.10.1.10            00-0c-29-8b-ae-27     dynamic
  10.10.1.83            00-0c-29-05-13-05     dynamic
  10.10.1.86            00-0c-29-89-74-68     dynamic
  10.10.1.101           08-62-66-27-9c-44     dynamic
  10.10.1.112           08-62-66-29-ac-c9     dynamic
  10.10.1.127           d0-67-e5-2b-41-a6     dynamic
  10.10.1.142           00-09-0f-09-00-06     dynamic
  10.10.1.176           e0-d5-5e-3f-64-b8     dynamic
  10.10.1.190           70-b5-e8-28-e3-6c     dynamic
  10.10.1.200           ac-9e-17-4b-c0-ee     dynamic
  10.10.1.203           e0-d5-5e-3f-69-c1     dynamic

 

 

Any problem in the Ftg60E, and any advice ?

 

Thanks a lot.

2 REPLIES 2
lobstercreed
Valued Contributor

Are the missing endpoints communicating with the Internet (or other networks through the FortiGate) or do they just do local traffic normally?  I suspect the latter, and this would be completely normal behavior if you understand ARP's purpose. 

 

The other thing is aging time...even if they do communicate through the FortiGate sometimes, if they don't send traffic for 5 minutes they'll most likely be dropped from that table:  https://docs.fortinet.com/document/fortigate/6.0.0/handbook/952549/arp-traffic 

Kangming
Staff

Hi 

Maybe the ARP maintenance mechanisms of workstations and the FGT are different. In order to quickly reclaim ARP entries, the FGT deletes ARP entries as soon as possible when there is no session/traffic, to save memory resources.

 

You can ping the destination host through the FGT, and then check the ARP entry of this host. As long as there is a host that generates traffic, it must be in arp and FGT.

 

Thank you.

Thanks

Kangming
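
An added example, not part of the original posts, for comparing the two outputs discussed in this thread: it parses FortiGate `get sys arp` and Windows `arp -a` text, lists the IPs the workstation has learned that the FortiGate has not, and reports IPs for which the two devices hold different MAC addresses. The sample input is an excerpt of the tables posted in the question; the function names `parse_arp` and `compare` are hypothetical.

```python
import ipaddress
import re

# Excerpts of the two tables posted in the question (not the full output).
FGT_ARP = """\
Address           Age(min)   Hardware Addr      Interface
10.11.1.3         0          00:0c:29:43:cf:9c  lan
10.11.1.212       0          78:a5:dd:0f:5b:b8  lan
10.10.1.177       0          e0:d5:5e:35:b1:e9  lan
10.10.1.2         0          00:0c:29:76:c3:59  lan
"""
WIN_ARP = """\
Interface: 10.10.1.177 --- 0xc
  Internet Address      Physical Address      Type
  10.10.1.2             00-0c-29-76-c3-59     dynamic
  10.10.1.3             00-0c-29-43-cf-92     dynamic
  10.10.1.255           ff-ff-ff-ff-ff-ff     static
  10.11.1.3             00-0c-29-43-cf-9c     dynamic
  10.11.1.212           12-cd-82-e4-61-91     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
"""

# IP, optional FortiGate age column, MAC (':' or '-' separated), last column.
ENTRY = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(?:\d+\s+)?"
    r"((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})\s+(\S+)", re.I)

def parse_arp(text, dynamic_only=False):
    """Return {ip: mac} from FortiGate 'get sys arp' or Windows 'arp -a' text."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # prompts, column headers, "Interface:" lines
        ip, mac, last = m.groups()
        if dynamic_only and last.lower() != "dynamic":
            continue  # skip Windows static broadcast/multicast rows
        table[ip] = mac.lower().replace("-", ":")
    return table

def compare(fgt, host):
    """Return (IPs only the host has, {ip: (fgt_mac, host_mac)} where MACs differ)."""
    missing = sorted((ip for ip in host if ip not in fgt), key=ipaddress.ip_address)
    mismatch = {ip: (fgt[ip], host[ip])
                for ip in host if ip in fgt and fgt[ip] != host[ip]}
    return missing, mismatch
```
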
