Device management in new 5.2 firmware
Hi
I don't know if this is the right section to post in.
I updated my FortiGate 110C to 5.2 and I saw the fantastic device management function.
I activated it on port 1 of my FortiGate.
Port 1 is connected to a Cisco 3750 core switch and uses a different VLAN from the user devices.
A route is configured in the Cisco 3750 to redirect all traffic to FortiGate port 1.
Going to "User & Device / Device / Device Definitions" I can see online MAC addresses.
My problem is that all traffic coming from user devices, going through the Cisco, is detected as coming from one source MAC address, that is the Cisco 3750 MAC address.
When I refresh the page I see the IP address change every time.
The right IP address and MAC combinations that I see are only from devices in the same VLAN as FortiGate port 1.
Is there a way to map the IP addresses from other VLANs in device management?
Regards
Andrea Armellini
5 REPLIES
Hello,
Do you see all of the ARP entries for these hosts in:
diag sys arp
Or do you still only see the Cisco MAC? If the Cisco is acting as layer 3 you're only going to see the source of the "router", since that's part of the routing process to update the layer 2 source/dest MAC as it forwards traffic.
Hi
I can't find the "diag sys arp" command; I tried these:
FW-Montecchio-Internet # get system arp
Address Age(min) Hardware Addr Interface
10.5.1.254 0 00:13:1a:af:58:c4 port1
" public ip" 0 00:00:0c:07:ac:0a wan1
FW-Montecchio-Internet # get sys arp
Address Age(min) Hardware Addr Interface
10.5.1.254 0 00:13:1a:af:58:c4 port1
" public ip" 0 00:00:0c:07:ac:0a wan1
10.5.1.254 is my Cisco core switch.
Is there anything I can do to forward the device MACs to my FortiGate?
Regards
diag ip arp list is the correct diag command. This lists some more details but essentially the same info on MACs. ARP is layer 2 - if the traffic the FGT sees is routed to it you have no chance to see those original MAC addresses. That's how routing is designed.
Ede Kernel panic: Aiee, killing interrupt handler!
Hi, ... what could be the solution to this issue?
We have a Cisco Catalyst core switch at L3 routing all Internet traffic to the FortiGate, but cannot see all the devices in "Device Definition".
Is there a way to tell the Cisco to send the original source MAC addresses?
--
Jesús Ramírez
Security & Data Integrity
Systems Engineer
Afina Sistemas
www.afina-la.com
No, there is no way to use one device's MAC on a different link and the same MAC for communicating with the device itself.
A router replaces the original MAC in a routed packet with its own MAC so the device receiving the packet knows to whom it sends it back. Basic routing.
What is preserved is the originating IP address. Maybe you can use that to identify the device.
Ede Kernel panic: Aiee, killing interrupt handler!
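The MAC rewrite described in the replies above, as an added Python model that is not from this thread, from Fortinet or from Cisco: a routed hop replaces the Layer-2 addresses and leaves the IP header alone, so a device table keyed on source MAC collapses every user-VLAN host into one entry whose IP keeps changing, while a table keyed on source IP still tells the hosts apart. Apart from the Cisco MAC 00:13:1a:af:58:c4 quoted in the thread, all MACs and IPs are constructed, and keying device detection on source MAC is an assumption drawn from the symptom, not from FortiOS internals.

```python
# Added example, not from the thread: models why a FortiGate behind a Layer-3
# switch sees every routed host behind the switch's MAC, and why grouping by
# source IP (which routing preserves) still tells the hosts apart.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int = 64

CORE_SWITCH_MAC = "00:13:1a:af:58:c4"   # the Cisco MAC quoted in the thread
FGT_PORT1_MAC = "00:09:0f:00:00:01"     # constructed FortiGate port1 MAC

def route_hop(pkt: Packet, router_mac: str, next_hop_mac: str) -> Packet:
    """What a router does: new L2 header, TTL minus one, L3 addresses unchanged."""
    if pkt.ttl <= 1:
        raise ValueError("TTL expired in transit")
    return replace(pkt, src_mac=router_mac, dst_mac=next_hop_mac, ttl=pkt.ttl - 1)

def observed_on_port1() -> list[Packet]:
    """Three user-VLAN hosts send Internet-bound traffic via the core switch."""
    hosts = [("00:aa:00:00:00:01", "10.5.10.11"),   # constructed user-VLAN hosts
             ("00:aa:00:00:00:02", "10.5.10.12"),
             ("00:aa:00:00:00:03", "10.5.20.7")]
    frames = []
    for mac, ip in hosts:
        # On the user VLAN the frame is addressed to the VLAN gateway (the Cisco).
        on_user_vlan = Packet(mac, CORE_SWITCH_MAC, ip, "203.0.113.5")
        frames.append(route_hop(on_user_vlan, CORE_SWITCH_MAC, FGT_PORT1_MAC))
    return frames

def inventory(frames: list[Packet], key: str) -> dict[str, set[str]]:
    """Group frames by source MAC (assumed device-detection key) or by source IP.
    Returns identity -> set of the other attribute seen together with it."""
    table: dict[str, set[str]] = {}
    for f in frames:
        ident, other = (f.src_mac, f.src_ip) if key == "mac" else (f.src_ip, f.src_mac)
        table.setdefault(ident, set()).add(other)
    return table

if __name__ == "__main__":
    frames = observed_on_port1()
    # One MAC entry whose IP keeps changing: the symptom from the first post.
    print("by MAC:", inventory(frames, "mac"))
    # Three distinct hosts, all reached through the Cisco: the IP-based suggestion.
    print("by IP:", inventory(frames, "ip"))
```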
