Example VRRP configuration: two FortiGates in a VRRP group
This example includes a VRRP group consisting of two FortiGates that connect an internal network to the Internet. As shown below, the internal network’s default route is 10.31.101.120.
The FortiGate port2 interfaces connect to the internal network. A VRRP virtual router is added to each FortiGate’s port2 interface. The virtual router IP address is 10.31.101.120 (the internal network’s default route) and the virtual router’s ID is 5. The VRRP priority of the primary unit is set to 255 and the VRRP priority of the backup unit is 50. The port2 interface of each FortiGate should have an IP address that is different from the virtual router IP address and the port2 interface IP addresses should be different from each other.
This example also includes enabling the VRRP virtual MAC address on both FortiGate port2 interfaces so that the VRRP group uses the VRRP virtual MAC address.
Example VRRP configuration with two FortiGates
To configure the FortiGates for VRRP
- Select one of the FortiGates to be the VRRP primary and the other to be the backup unit.
- From the primary unit’s CLI, enter the following command to enable the VRRP virtual MAC address on the port2 interface and add the VRRP virtual router to the port2 interface:
config system interface
edit port2
set vrrp-virtual-mac enable
config vrrp
edit 5
set vrip 10.31.101.120
set priority 255
end
end
- From the backup unit’s CLI, enter the following command to enable the VRRP virtual MAC address on the port2 interface and add the VRRP virtual router to the port2 interface:
config system interface
edit port2
set vrrp-virtual-mac enable
config vrrp
edit 5
set vrip 10.31.101.120
set priority 50
end
end
Copyright © 2020 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy
