Switching from
case1
to
case2
and then back to
case1
results in an issue where obtaining an IP address fails, and even manually configuring the IP address does not allow normal network access. Changing the MAC address can immediately resolve the issue, or waiting approximately 5 minutes or restarting the Fortigate can also resolve it. This issue does not occur when bypassing the Fortigate.
Below is my Debug Flow result:
Packet Trace #890 | 2025/3/18 20:25 | vd-root:0 received a packet(proto=17, 0.0.0.0:68->255.255.255.255:67) tun_id=0.0.0.0 from internal4. | |||||
Packet Trace #890 | 2025/3/18 20:25 | allocate a new session-0042a27f | |||||
Packet Trace #890 | 2025/3/18 20:25 | in-[internal4], out-[] | |||||
Packet Trace #890 | 2025/3/18 20:25 | len=0 | |||||
Packet Trace #890 | 2025/3/18 20:25 | result: skb_flags-06000000, vid-0, ret-no-match, act-accept, flag-00000000 | |||||
Packet Trace #890 | 2025/3/18 20:25 | in-[internal4], out-[internal3], skb_flags-06000000, vid-0 | |||||
Packet Trace #890 | 2025/3/18 20:25 | gnum-100004, use int hash, slot=98, len=4 | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-100004 policy-2, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-100004 policy-5, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-100004 policy-13, ret-matched, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | ret-matched | |||||
Packet Trace #890 | 2025/3/18 20:25 | gnum-4e25, check-5f02979c | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-4e25 policy-6, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-4e25 policy-6, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-4e25 policy-6, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | gnum-4e25 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000 | |||||
Packet Trace #890 | 2025/3/18 20:25 | policy-13 is matched, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-13 | |||||
Packet Trace #890 | 2025/3/18 20:25 | send out via dev-internal3, dst-mac-ff:ff:ff:ff:ff:ff | |||||
Packet Trace #890 | 2025/3/18 20:25 | in-[internal4], out-[], skb_flags-06000000, vid-0 | |||||
Packet Trace #890 | 2025/3/18 20:25 | gnum-100011, check-5f02a9f0 | |||||
Packet Trace #890 | 2025/3/18 20:25 | after check: ret-no-match, act-drop, flag-00000000, flag2-00000000 | |||||
Packet Trace #890 | 2025/3/18 20:25 | gnum-100001, check-5f02979c | |||||
Packet Trace #890 | 2025/3/18 20:25 | after check: ret-no-match, act-accept, flag-00000000, flag2-00000000 | |||||
Packet Trace #890 | 2025/3/18 20:25 | gnum-10000e, check-5f02979c | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000e policy-4294967295, ret-matched, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | policy-4294967295 is matched, act-drop | |||||
Packet Trace #890 | 2025/3/18 20:25 | gnum-10000e check result: ret-matched, act-drop, flag-00000000, flag2-00000000 | |||||
Packet Trace #890 | 2025/3/18 20:25 | after check: ret-matched, act-drop, flag-00000000, flag2-00000000 | |||||
Packet Trace #890 | 2025/3/18 20:25 | gnum-10000f, check-5f02979c | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000f policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000f policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000f policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000f policy-4294967295, ret-no-match, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | checked gnum-10000f policy-4294967295, ret-matched, act-accept | |||||
Packet Trace #890 | 2025/3/18 20:25 | policy-4294967295 is matched, act-drop | |||||
Packet Trace #890 | 2025/3/18 20:25 | gnum-10000f check result: ret-matched, act-drop, flag-00000800, flag2-00000000 | |||||
Packet Trace #890 | 2025/3/18 20:25 | after check: ret-matched, act-drop, flag-00000800, flag2-00000000 |
I use a FortiGate-61E with v7.2.10 build1706 (Mature) system.
User | Count |
---|---|
2534 | |
1350 | |
795 | |
639 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.