Strange questions about Virtual Wire pairs and MAC addresses

Catkin038 · ‎03-18-2025

1742302546197(1).jpg
Switching from
case1
to
case2
and then back to
case1
results in an issue where obtaining an IP address fails, and even manually configuring the IP address does not allow normal network access. Changing the MAC address can immediately resolve the issue, or waiting approximately 5 minutes or restarting the Fortigate can also resolve it. This issue does not occur when bypassing the Fortigate.

Below is my Debug Flow result:

Packet Trace #890	2025/3/18 20:25	vd-root:0 received a packet(proto=17, 0.0.0.0:68->255.255.255.255:67) tun_id=0.0.0.0 from internal4.
Packet Trace #890	2025/3/18 20:25	allocate a new session-0042a27f
Packet Trace #890	2025/3/18 20:25	in-[internal4], out-[]
Packet Trace #890	2025/3/18 20:25	len=0
Packet Trace #890	2025/3/18 20:25	result: skb_flags-06000000, vid-0, ret-no-match, act-accept, flag-00000000
Packet Trace #890	2025/3/18 20:25	in-[internal4], out-[internal3], skb_flags-06000000, vid-0
Packet Trace #890	2025/3/18 20:25	gnum-100004, use int hash, slot=98, len=4
Packet Trace #890	2025/3/18 20:25	checked gnum-100004 policy-2, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-100004 policy-5, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-100004 policy-13, ret-matched, act-accept
Packet Trace #890	2025/3/18 20:25	ret-matched
Packet Trace #890	2025/3/18 20:25	gnum-4e25, check-5f02979c
Packet Trace #890	2025/3/18 20:25	checked gnum-4e25 policy-6, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-4e25 policy-6, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-4e25 policy-6, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	gnum-4e25 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000
Packet Trace #890	2025/3/18 20:25	policy-13 is matched, act-accept
Packet Trace #890	2025/3/18 20:25	after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-13
Packet Trace #890	2025/3/18 20:25	send out via dev-internal3, dst-mac-ff:ff:ff:ff:ff:ff
Packet Trace #890	2025/3/18 20:25	in-[internal4], out-[], skb_flags-06000000, vid-0
Packet Trace #890	2025/3/18 20:25	gnum-100011, check-5f02a9f0
Packet Trace #890	2025/3/18 20:25	after check: ret-no-match, act-drop, flag-00000000, flag2-00000000
Packet Trace #890	2025/3/18 20:25	gnum-100001, check-5f02979c
Packet Trace #890	2025/3/18 20:25	after check: ret-no-match, act-accept, flag-00000000, flag2-00000000
Packet Trace #890	2025/3/18 20:25	gnum-10000e, check-5f02979c
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000e policy-4294967295, ret-matched, act-accept
Packet Trace #890	2025/3/18 20:25	policy-4294967295 is matched, act-drop
Packet Trace #890	2025/3/18 20:25	gnum-10000e check result: ret-matched, act-drop, flag-00000000, flag2-00000000
Packet Trace #890	2025/3/18 20:25	after check: ret-matched, act-drop, flag-00000000, flag2-00000000
Packet Trace #890	2025/3/18 20:25	gnum-10000f, check-5f02979c
Packet Trace #890	2025/3/18 20:25	checked gnum-10000f policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000f policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000f policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000f policy-4294967295, ret-no-match, act-accept
Packet Trace #890	2025/3/18 20:25	checked gnum-10000f policy-4294967295, ret-matched, act-accept
Packet Trace #890	2025/3/18 20:25	policy-4294967295 is matched, act-drop
Packet Trace #890	2025/3/18 20:25	gnum-10000f check result: ret-matched, act-drop, flag-00000800, flag2-00000000
Packet Trace #890	2025/3/18 20:25	after check: ret-matched, act-drop, flag-00000800, flag2-00000000

Catkin038 · ‎03-18-2025

I use a FortiGate-61E with v7.2.10 build1706 (Mature) system.

Strange questions about Virtual Wire pairs and MAC addresses

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website