Change virtual MAC on WAN 1 in a HA Cluster
I have a pair of 80E running in HA cluster with Dual ISP and SD-WAN enabled on 6.2.3 for the last 3 weeks. Since I have enabled HA , my WAN1 interface keeps going down and up every couple of minutes. ( it gets DOWN on SD WAN Performance SLA due to packet loss).
I have troubleshoot it and it appears that it's not receiving back packets from ISP gateway (not receiving reply on the ARP request for gateway MAC address - L2 issue.
I opened and incident at my ISP and after troubleshooting they said the issue is with Fortigate which is using same virtual MAC for all firewalls clusters. Most probably there is another cluster in the same subnet on my WAN ( which is part of a /24)
Indeed, if you look at the Virtual MAC formula here : https://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=11772&languageId=
, unless you change group ID, enable VDOM or virtual cluster will be : 00-09-0f-09-00-00 . Virtual MAC formula is : 00-09-0f-09-<group-id_hex>-<vcluster_integer><idx>
- The second last part of the virtual MAC address depends on the HA group ID and is the same for each cluster interface. The last part of the virtual MAC address is different for each cluster interface.
In this case I would like to change "group ID" on each of the cluster members, starting with slave member and the on the master member.
Q: This change will also change all MAC addresses on all the rest of the interfaces ? Any recommendation ?