Virtual MAC addresses
As we know, each network interface has a unique MAC address (Media Access Control, a unique identifier used to communicate on the physical network segment). The devices and computers connected to our network map every IP address to a MAC address and save this information in the ARP cache. An entry in the ARP cache is used until its expiration time is reached. If a cluster presented the MAC addresses of the physical adapters on the different FortiGate units, high reliability would be impossible, because devices connected to the network would keep sending to the MAC address of a failed FortiGate unit until the ARP cache entry expired. The solution used by FGCP, for example, is to assign a virtual MAC address to every network interface on the primary unit in the cluster. If a failure occurs on the unit, there will be no change in the MAC associated with the highly available IP address. To update the layer 2 switches that are directly...
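The ARP cache argument above, as an added simulation that is not part of the original text and is not FortiGate code: a host caches the MAC for the cluster IP, the primary fails at t=10, and the function counts the seconds in which the host still addresses frames to a MAC that no live unit answers for. The unit names, addresses and the 60-second cache lifetime are constructed assumptions, and the model covers only host ARP caches, not switch forwarding tables.

```python
from dataclasses import dataclass

ARP_TTL = 60               # assumed lifetime of a host ARP entry, in seconds
CLUSTER_IP = "192.0.2.1"   # constructed documentation address

@dataclass
class Unit:
    name: str
    physical_mac: str
    alive: bool = True

class Cluster:
    def __init__(self, units, virtual_mac=None):
        self.units, self.virtual_mac = units, virtual_mac

    def primary(self):
        return next(u for u in self.units if u.alive)

    def answering_mac(self):
        # With a virtual MAC, whichever unit is primary answers with the same address.
        return self.virtual_mac or self.primary().physical_mac

class Host:
    def __init__(self):
        self.arp = {}  # ip -> (mac, expiry time)

    def resolve(self, cluster, now):
        entry = self.arp.get(CLUSTER_IP)
        if entry is None or now >= entry[1]:   # missing or expired: ask again
            entry = (cluster.answering_mac(), now + ARP_TTL)
            self.arp[CLUSTER_IP] = entry
        return entry[0]

def build(virtual_mac=None):
    units = [Unit("fgt-a", "02:00:00:00:00:0a"), Unit("fgt-b", "02:00:00:00:00:0b")]
    return Cluster(units, virtual_mac)  # constructed, locally administered MACs

def outage_seconds(cluster, fail_at=10, horizon=120):
    """Seconds in which the host's cached MAC differs from the live primary's."""
    host, lost = Host(), 0
    for now in range(horizon):
        if now == fail_at:
            cluster.primary().alive = False    # primary fails, the other unit takes over
        if host.resolve(cluster, now) != cluster.answering_mac():
            lost += 1
    return lost

if __name__ == "__main__":
    print("physical MACs:", outage_seconds(build()), "s of stale ARP")
    print("virtual MAC:  ", outage_seconds(build("02:00:00:00:00:ff")), "s of stale ARP")
```
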