How to change the mgmt mac address of FG firewall?

shingzhk · ‎10-27-2019

Hi~

Recently my company purchase two FG101e firewall and I did put their mgmt port into the subnet for my management.

I found the connection is good while only one of them was turn on, and not good when both of them here.

As a result, I found all of their mgmt port mac address are the same.

The way I search on Google is not works, there is no "set macaddr <MAC address>" on my ssh CLI.

The following is my command log

FG101ETK19003839 # FG101ETK19003839 # config system int

FG101ETK19003839 (interface) # edit mgmt

FG101ETK19003839 (mgmt) # set m (?) management-ip High Availability in-band management IP address of this interface. mtu-override Enable to set a custom MTU for this interface. FG101ETK19003839 (mgmt) #

Thank you for your help.

Dave_Hall · ‎10-28-2019

Someone may need to chime in here, but it sounds like you are trying to set up the two 101E in HA mode, in which case I doubt you can set the mac address on any interface of the backup/slave unit. But if you need to access the individual fgts, you can set an in-band management IP address. In HA operating mode the fgt members will behave differently than stand alone fgts.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

emnoc · ‎10-28-2019

If you use dedicated management interfaces than this would not be a issue. Each interface would have a unique interface address and mac-address

Ken Felix

PCNSE

NSE

StrongSwan

Toshi_Esumi · ‎10-28-2019

Check with "diag hard device info mgmt" on each unit. The "Current_HWaddr" should be the same as "Permanent_HWaddr", which is unique, if it's "set dedicated-to management".

Toshi_Esumi · ‎10-28-2019

Typo: supposed to be "diag hard deviceinfo nic mgmt".

How to change the mgmt mac address of FG firewall?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website