Primary FortiGate before upgrade:Fortigate-100D-Primary # get sys statusAfter upgrading the FortiGate from major version 5.4 to 5.6, the primary FortiGate changed VMAC as 00:09:0f:09:0a:16.
Version: FortiGate-100D v5.4.10,build1220,180821 (GA)
Fortigate-100D-Primary # get hardware nic wan1
Driver_Name e1000e
Driver_Version 3.2.4.2-NAPI
MAC_Type 3
IRQ 16
System_Device_Name wan1
Current_HWaddr 00:09:0f:09:00:16
Permanent_HWaddr 00:09:0f:9d:5d:8e
Fortigate-100D-Primary (ha) # show full | grep group-id
set group-id 10
Primary FortiGate Unit After upgrade:Fortigate-100D-Primary # get sys statusIt is an expected behavior that VMAC will change post major firmware version upgrade in HA cluster.
Version: FortiGate-100D v5.6.9,build1673,190513 (GA)
Fortigate-100D-Primary # get hardware nic wan1
Driver_Name e1000e
Driver_Version 3.2.4.2-NAPI
MAC_Type 3
IRQ 16
System_Device_Name wan1
Current_HWaddr 00:09:0f:09:0a:16
Permanent_HWaddr 00:09:0f:9d:5d:8e
Fortigate-100D-Primary (ha) # show full | grep group-id
set group-id 10
Note.
Virtual mac address calculation has been once again changed in 6.0.2 GA and 6.2.0 GA, any previous FOS will encounter this behavior when they upgrade and pass this releases. However, the behavior will not be present when upgrading from 6.0.2 or later to newer builds.
For best practice refer to the KB in the field 'Related Articles'.Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.