Chapter 9 High Availability for FortiOS 5.0 : VRRP : Configuring VRRP : Example VRRP configuration: VRRP load balancing two FortiGate units and two VRRP groups
  
Example VRRP configuration: VRRP load balancing two FortiGate units and two VRRP groups
In this configuration two VRRP groups are involved. Each FortiGate unit participates in both of them. One FortiGate unit is the master of one group and the other FortiGate unit is the master of the other group. The network distributes traffic between two different default routes (10.31.101.120 and 10.31.101.130). One VRRP group is configured with one of the default route IP addresses and the other VRRP group get the other default route IP address. So during normal operation both FortiGate units are processing traffic and the VRRP groups are used to load balance the traffic between the two FortiGate units.
If one of the FortiGate units fails, the remaining FortiGate unit becomes the master of both VRRP groups. The network sends all traffic for both default routes to this FortiGate unit. The result is a configuration that under normal operation load balances traffic between two FortiGate units, but if one of the FortiGate units fails, all traffic fails over to the unit that is still operating.
This example also includes enabling the VRRP virtual MAC address on both FortiGate unit port2 interfaces so that the VRRP groups use their VRRP virtual MAC addresses.
Figure 220: Example VRRP configuration with two FortiGate units and two VRRP groups
To configure the FortiGate units
1. Log into the CLI of FortiGate unit A.
2. Enter the following command to enable the VRRP virtual MAC address feature and add the VRRP groups to the port2 interface of FortiGate unit A:
config system interface
edit port2
set vrrp-virtual-mac enable
config vrrp
edit 50 (32)
set vrip 10.31.101.120
set priority 255
next
edit 100 (64)
set vrip 10.31.101.130
set priority 50
end
end
3. Log into the CLI of FortiGate unit B.
4. Enter the following command to enable the VRRP virtual MAC address feature and add the VRRP groups to the port2 interface of FortiGate unit B:
config system interface
edit port2
set vrrp-virtual-mac enable
config vrrp
edit 50
set vrip 10.31.101.120
set priority 50
next
edit 100
set vrip 10.31.101.130
set priority 255
end
end