Is there any way to have the log show the hostname resolved from the IP?
Currently, in my customer's network, there's an L3SW between the Fortigate and the devices. So the log is getting the same MAC address and the same hostname for multiple IP addresses.
As I see in 'Device Definitions', which I am getting from the Detect and Identify device functions, the Fortigate can get the device name properly in this section. Is there any way to get this information to appear in the log too?
English isn't my native language. Sorry if some words are kind of confusing.
Welcome to the forums.
I would bet that the FGT is getting the device information from the OID (first 6 bytes of the MAC address). Since all you have is a single IP address, I would think there is no way to get the device name from any table. Even DNS depends on the IP address.
My opinion.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
The Fortigate and the L3SW are within the same subnet, but the device default gateway is at the L3SW. The L3SW forwards the traffic again to the Fortigate.
I think the Fortigate is getting the MAC address from the L3SW; that's why the hostname is the same for multiple IP addresses.
What I am curious about is that the Fortigate can get the device name properly in the Device definition section. Can this information also appear in the Log section?
I deduced that the Device definition section hostname was resolved by IP address, but the Forward Traffic log was resolved by MAC address.
I have the same problems that appear to make much of the Fortiview on my HA stack of 900D's unusable.
We have Cisco Nexus 5548's L3SW between the firewall and the access switches in the IDF's, as are the internal AD controllers and other management and network supporting systems. The interfaces on the 900D are used to wall off CDE/PCI-DSS users and servers from other users to reduce PCI-DSS scope.
Sadly it looks like I'll need to do a "forklift" overhaul to use many of the features we purchased the Fortigate for.
I guess I had too much hope that the AD FSSO agent on the controllers would allow the cool Layer7 stuff to work without a huge rebuild to make it all work.
