FortiGates can function as master or backup Virtual Router Redundancy Protocol (VRRP) routers and can be quickly and easily integrated into a network that has already deployed VRRP. A FortiGate can be integrated into a VRRP group with any third-party VRRP devices and VRRP can provide redundancy between multiple FortiGates.
In a VRRP configuration, when a FortiGate operating as the master unit fails, a backup unit takes its place and continues processing network traffic. If the backup unit is a FortiGate, the network continues to benefit from FortiOS security features. If the backup unit is a router, after a failure traffic will continue to flow, but FortiOS security features will be unavailable until the FortiGate is back on line. You can include different FortiGate models in the same VRRP group.
FortiOS supports VRRP between two or more FortiGates and between FortiGates and third-party routers that support VRRP. Using VRRP you can assign VRRP routers as master or backup routers. The master router processes traffic and the backup routers monitor the master router and can begin forwarding traffic if the master fails. Similar to the FGCP you can configuration VRRP between multiple FortiGates to provide redundancy. You can also create a VRRP group with a FortiGates and any routers that support VRRP.
In a VRRP configuration that consists of one FortiGate and one router, normally the FortiGate would be the master and all traffic would be processed by the FortiGate. If the FortiGate fails, all traffic switches to the router. Network connectivity is maintained even though FortiGate security features will be unavailable until the FortiGate can is back on line.