FortiOS 6.0 Online Help Link FortiOS 5.6 Online Help Link FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link

Example VRRP configuration: two FortiGates in a VRRP domain

This example includes a VRRP domain consisting of two FortiGates that connect an internal network to the Internet. As shown below, the internal network’s default route is 10.31.101.120.

The FortiGate port2 interfaces connect to the internal network. A VRRP virtual router is added to each FortiGate’s port2 interface. The virtual router IP address is 10.31.101.120 (the internal network’s default route) and the virtual router’s ID is 5. The VRRP priority of the primary router is set to 255 and the VRRP priority of the backup router is 50. The port2 interface of each FortiGate should have an IP address that is different from the virtual router IP address and the port2 interface IP addresses should be different from each other.

This example also includes enabling the VRRP virtual MAC address on both FortiGate port2 interfaces so that the VRRP domain uses the VRRP virtual MAC address.

Example VRRP configuration with two FortiGates

To configure the FortiGates for VRRP
  1. Select one of the FortiGates to be the primary VRRP router and the other to be the backup router.
  2. From the primary router CLI, enter the following command to enable the VRRP virtual MAC address on the port2 interface and add the VRRP virtual router to the port2 interface:

config system interface

edit port2

set vrrp-virtual-mac enable

config vrrp

edit 5

set vrip 10.31.101.120

set priority 255

end

end

 

  1. From the backup router CLI, enter the following command to enable the VRRP virtual MAC address on the port2 interface and add the VRRP virtual router to the port2 interface:

config system interface

edit port2

set vrrp-virtual-mac enable

config vrrp

edit 5

set vrip 10.31.101.120

set priority 50

end

end