Got Fortigate 80C unit. All of a sudden, my internal 1 port started sending IP conflicts to the machines in my network. This I found in the affected machines' event viewer. The event viewer is throwing a message stating that this IP is used by a machine with xx xx xx xx xx MAC address. That MAC address belongs to the internal 1 port of the Fortinet firewall.
The following were tried on the affected machine:
1. Removed and reinstalled the LAN drivers twice
2. Changed the ports and cables as well
3. Finally formatted the machine and reinstalled the OS and drivers
Despite working on it for the last 2 days, we were not able to resolve the issue. I have servers in production.
Your advice is highly appreciated.
Thanks in advance.
How are the machines in your network assigned IP addresses? Through DHCP? Is port1 on the Fortigate configured with a static IP or is it assigned via DHCP as well?
If DHCP is involved, it may be easier to just log into the DHCP server, locate the MAC address or IP address entry (in the pool of leased IPs) and delete it. Have the machine renew its IP address. If this is not possible then check the machine's NIC driver for a "soft hardware address" setting that you can change. (Alternately, releasing/renewing the IP address on the machine about 20 times may also work.)
If you are seeing multiple conflicting IP addresses on the network then look for a rogue DHCP server or computer running ICS.
Once again thanks for suggestion.
My environment is running on static IPs and there is no chance for the users to change the IP address. Checked the environment for rogue DHCP servers but nothing found.
Is the conflicting IP address the interface address of 'internal1'?
It might as well be
- (one of) the secondary IP address(es) of 'internal1'
- a VIP
Which host is the culprit - the FGT or the other host mentioned in the log entry? In other words, is the other host legitimately using the conflicting IP address?
For a quick scan of the FGT configuration, back up the config and open it in a text editor. Search for the conflicting IP address.
Still I suspect that you have configured a VIP on the internal port of the FGT with a misfitting network mask.
Could you please post the config for port 'internal'? As the internal address is not critical security-wise.
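The config search suggested in the reply above, as an added example that is not part of any post in this thread: a plain text search misses an address that sits inside a VIP range, so this sketch walks the backup and reports every `set` line that names or covers the conflicting IP, with the stanza it belongs to. The sample config, the addresses and the function names are constructed for illustration, and it assumes the usual `config`/`edit`/`set`/`next`/`end` layout of a FortiOS backup.

```python
import ipaddress
import re

# Constructed sample in FortiOS backup layout (not taken from the thread).
SAMPLE_CONFIG = """\
config system interface
    edit "internal1"
        set ip 192.168.1.99 255.255.255.0
        config secondaryip
            edit 1
                set ip 192.168.1.100 255.255.255.0
            next
        end
    next
end
config firewall vip
    edit "web-vip"
        set extip 192.168.1.20-192.168.1.30
        set extintf "internal1"
        set mappedip "10.0.0.5"
    next
end
"""

IP = r"(?:\d{1,3}\.){3}\d{1,3}"
RANGE_RE = re.compile(rf"({IP})-({IP})")
IP_RE = re.compile(IP)

def covers(line, target):
    """True if a 'set' line names target directly or inside an a-b range."""
    for lo, hi in RANGE_RE.findall(line):
        if ipaddress.IPv4Address(lo) <= target <= ipaddress.IPv4Address(hi):
            return True
    singles = IP_RE.findall(RANGE_RE.sub(" ", line))
    return any(ipaddress.IPv4Address(a) == target for a in singles)

def find_ip(config_text, conflicting_ip):
    """Return (stanza path, line) for every setting that covers the address."""
    target = ipaddress.IPv4Address(conflicting_ip)
    path, hits = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith(("config ", "edit ")):
            path.append(line)          # entering a nested stanza
        elif line in ("next", "end") and path:
            path.pop()                 # leaving the current stanza
        elif line.startswith("set ") and covers(line, target):
            hits.append((" > ".join(path), line))
    return hits

if __name__ == "__main__":
    for where, line in find_ip(SAMPLE_CONFIG, "192.168.1.25"):
        print(f"{where}: {line}")
```

Run against the constructed sample, the lookup for 192.168.1.25 lands in the VIP stanza even though that string appears nowhere in the file.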
Just to summarize the problem: the computers in your network are assigned static IP addresses and more than 1 computer is receiving reports (in event viewer) that there is an IP conflict. The source MAC address of the IP conflict is that of the Fortigate Internal port?
Almost sounds as if a firewall policy was configured from internal -> internal with NAT enabled. (If that is even possible.)
Thanks for the speedy response.
Will check again the configuration.
BTW, I enabled webproxy in the firewall for some users which are at a far location.
The IP used for the webproxy is the same internal IP. Is that creating the issue?
Just got the thought and sharing it with you.
Will upload the settings in a few hours.
Once again thanks