How to View User MAC Address or PC Name in FortiGate Logs Through an L3 Switch?

VivianChen · ‎03-19-2025

Hello everyone, I'm a newbie~

Currently, my situation is that the FG connected to an Layer 3 switch. I would like to see the user's PC name or MAC address in the FG logs.

From what I understand, since the Layer 3 switch uses IP routing, it doesn't obtain the MAC addresses of devices connected downstream from the switch. I’d like to ask if anyone knows a way to achieve this.

sean3 · ‎03-19-2025

I don't know how your Fortigate is connected with the layer 3 switch

In my case fortigate is connected with the core switch in layer 3 manner (IP address configured to each end). I can only view the source IP and the device ID. But since it is layer 3 , the device ID (mac address) is just the mac address of the next hop of the route to the device.

unless the VLAN's gateway is directly configured on fortigate, otherwise I don't belive you can view the real mac address from the log.

to view the log in Fortigate, go to Log & report -> Forward Traffic. You can view more column if you want.

I am grateful for all your replies and assistance.

VivianChen · ‎03-20-2025

I understand what you're saying. So currently, there's no way for the switch to reveal the client's MAC address to the FG, right?

sean3 · ‎03-20-2025

open CLI in fortigate and use get system arp, is the output what you want? I can't find other way to get MAC address from log

I am grateful for all your replies and assistance.

maulishshah · ‎03-21-2025

Hi Vivian, If FortiGate is acting as DHCP server then yes you can see MAC address but if it is coming over the switch then FortiGate has only the Switch MAC address in the ARP table.

I hope this explains what you are looking, if not please update the thread.

Maulish Shah

How to View User MAC Address or PC Name in FortiGate Logs Through an L3 Switch?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website