Example VRRP configuration: VRRP load balancing two FortiGates and two VRRP groups

Submit Search

Example VRRP configuration: VRRP load balancing two FortiGates and two VRRP groups

In this configuration two VRRP groups are involved. Each FortiGate participates in both of them. One FortiGate is the primary router of one group and the other FortiGate is the primary router of the other group. The network distributes traffic between two different default routes (10.31.101.120 and 10.31.101.130). One VRRP group is configured with one of the default route IP addresses and the other VRRP group gets the other default route IP address. During normal operation, both FortiGates are processing traffic and the VRRP groups are used to load balance the traffic between the two FortiGates.

If one of the FortiGates fails, the remaining FortiGate becomes the primary router of both VRRP groups. The network sends all traffic for both default routes to this FortiGate. The result is a configuration that, under normal operation load, balances traffic between two FortiGates, but if one of the FortiGates fails, all traffic fails over to the FortiGate that is still operating.

This example also includes enabling the VRRP virtual MAC address on both FortiGate port2 interfaces so that the VRRP groups use their VRRP virtual MAC addresses.

Example VRRP configuration with two FortiGates and two VRRP groups

To configure the FortiGates

Log into the CLI of FortiGate A.
Enter the following to enable the VRRP virtual MAC address feature and add the VRRP groups to the port2 interface of FortiGate A:

config system interface

edit port2

set vrrp-virtual-mac enable

config vrrp

edit 50 (32)

set vrip 10.31.101.120

set priority 255

edit 100 (64)

set vrip 10.31.101.130

set priority 50

end

Log into the CLI of FortiGate B.
Enter the following command to enable the VRRP virtual MAC address feature and add the VRRP groups to the port2 interface of FortiGate B: