Currently, in my customer's network. There's L3SW between Fortigate and devices. So, the log is getting the same MAC address and same hostname for multiple IP address.
As I see in 'Device Definitions' that I getting from Detect and Identify device functions. Fortigate can get device name properly in this section. Is there anyway to get this information appear in the log too?
English isn't my native language. Sorry, if some word is kind of confusing.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Welcome to the forums.
I would bet that the FGT is getting the device information from the OID (first 6 bytes of the MAC address). Since all you have is a single IP address, I would think there is no way to get the device name from any table. Even DNS depends on the IP address.
My opinion.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Fortigate and L3SW is within same subnet, but the device default gateway is at L3SW. L3SW forward the traffic again to the Fortigate.
I think Fortigate is getting the MAC address from L3SW, that's why the hostname is the same for multiple IP address.
What I curious about is Fortigate can get the device name properly in Device definition section. Can these information also appear in Log section?
I deducted that the Device definition section hostname was resolved by IP address. But the Forward Traffic log was resolved by MAC address.
I have the same problems that appear to make much of the Fortiview on my HA stack of 900D's unusable.
We have Cisco Nexus 5548's L3SW between the firewall and the access switches in the IDF's as are the internal AD controllers and other management and network supporting system. The Interfaces on the 900D are used to wall-off CDE/PCI-DSS users and servers from other users to reduce PCI-DSS scope.
Sadly it looks like I'll need to do a "forklift" overhaul to use many of the features we purchased the Fortigate for.
I guess I had too much hope that the AD FSSO agent on the controllers would allow the cool Layer7 stuff to work without huge rebuild to make it all work.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.