Wednesday, September 2, 2015

Fortigate HA port and finding your mac_address

One of the biggest mysteries with the FortiGate and the FGCP protocol is finding the IPv4 address and the mac_address that a unit uses on the HA port.

Basically the FortiGate uses an APIPA IPv4 link-local address, i.e. one from the 169.254.0.0/16 range.

The master is typically always 169.254.0.1, the first slave .2, the next slave .3, and so on. You can have up to 4 slave units.

Using the diag sniffer packet command against the HA port (port_ha) is a good means of observing the interface traffic and finding both the layer 2 and layer 3 addresses.

e.g. ( diag sniffer packet port_ha "any" )

Finding the interface mac_address on FGT110 master/slave units

Finding the master unit's IPv4 address:
( diag sys ha status | grep master )


Using the diag sniffer command with the verbosity option that displays the unit traffic in hex.

See the red and green lines for the src / dst mac_address respectively.
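As an added example (not code from the original post), the following Python reads the kind of hex dump the sniffer prints at that verbosity, pulls the source and destination MAC out of the Ethernet header and, for IPv4 frames, the 169.254.0.x heartbeat addresses, then maps each address to master/slave using the convention described above. The sample output, its column layout and every MAC, IP and checksum value are constructed; the decoder assumes a 20-byte IPv4 header and the 0x8890 ethertype is only used to show a non-IP frame.

```python
import re
import ipaddress

# Constructed sample shaped like "diag sniffer packet port_ha 'any' 3" hex output.
# Frame 1: IPv4/UDP between two heartbeat addresses. Frame 2: non-IP frame (0x8890).
SAMPLE = """\
2015-09-02 10:21:07.013 port_ha in 169.254.0.2.703 -> 169.254.0.1.703: udp 14
0x0000\t 0009 0f09 1111 0009 0f09 2222 0800 4500\t..............E.
0x0010\t 0022 0000 0000 4011 7a9d a9fe 0002 a9fe\t......@.z.......
0x0020\t 0001 02bf 02bf 000e 0000 4847 4350 0000\t..........HGCP..
2015-09-02 10:21:07.214 port_ha out 00:09:0f:09:11:11 -> 00:09:0f:09:22:22: ethertype 0x8890
0x0000\t 0009 0f09 2222 0009 0f09 1111 8890 0100\t................
0x0010\t 0000 0000\t....
"""

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ha_role(ip):
    """Classify a heartbeat address: .1 is master, .2-.5 are the up-to-four slaves."""
    addr = ipaddress.IPv4Address(ip)
    if addr not in ipaddress.IPv4Network("169.254.0.0/24"):
        return "not-ha"
    last = int(addr) & 0xFF
    if last == 1:
        return "master"
    if 2 <= last <= 5:
        return f"slave{last - 1}"
    return "unknown"

def decode_frame(summary, raw):
    """Extract L2 addresses from the Ethernet header and, for IPv4, the L3 addresses."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    info = {"summary": summary, "dst_mac": _mac(raw[0:6]), "src_mac": _mac(raw[6:12]),
            "ethertype": int.from_bytes(raw[12:14], "big")}
    if info["ethertype"] == 0x0800 and len(raw) >= 34:   # assumes IHL == 5 (no options)
        info["src_ip"] = str(ipaddress.IPv4Address(raw[26:30]))
        info["dst_ip"] = str(ipaddress.IPv4Address(raw[30:34]))
        info["src_role"] = ha_role(info["src_ip"])
    return info

def parse_sniffer(text):
    """Group each summary line with the 0x.... hex lines that follow it."""
    frames, summary, raw = [], None, bytearray()
    for line in text.splitlines():
        if line.startswith("0x"):
            cols = re.split(r"\t|\s{2,}", line.strip())   # offset | hex words | ascii
            raw += bytes.fromhex(cols[1].replace(" ", ""))
        elif line.strip():
            if summary is not None:
                frames.append(decode_frame(summary, bytes(raw)))
            summary, raw = line.strip(), bytearray()
    if summary is not None:
        frames.append(decode_frame(summary, bytes(raw)))
    return frames
```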


Ken Felix
NSE (Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
       o 
      /  \
