Fortinet black logo

Handbook

Single-domain VRRP example

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:903324
Download PDF

Single-domain VRRP example

This example includes a VRRP domain consisting of two FortiGates that connect an internal network to the internet. As shown below, the internal network’s default route is 10.31.101.120.

The FortiGate port2 interfaces connect to the internal network. A VRRP virtual router is added to each FortiGate’s port2 interface. The virtual router IP address is 10.31.101.120 (the internal network’s default route) and the virtual router’s ID is 5. The VRRP priority of the primary router is set to 255 and the VRRP priority of the backup router is 50. The port2 interface of each FortiGate should have an IP address that is different from the virtual router IP address and the port2 interface IP addresses should be different from each other.

This example also includes enabling the VRRP virtual MAC address on both FortiGate port2 interfaces so that the VRRP domain uses the VRRP virtual MAC address.

Example VRRP configuration with two FortiGates

To configure the FortiGates for VRRP
  1. Select one of the FortiGates to be the primary VRRP router and the other to be the backup router.
  2. From the primary router CLI, enter the following command to enable the VRRP virtual MAC address on the port2 interface and add the VRRP virtual router to the port2 interface:

    config system interface

    edit port2

    set vrrp-virtual-mac enable

    config vrrp

    edit 5

    set vrip 10.31.101.120

    set priority 255

    end

    end

  3. From the backup router CLI, enter the following command to enable the VRRP virtual MAC address on the port2 interface and add the VRRP virtual router to the port2 interface:

    config system interface

    edit port2

    set vrrp-virtual-mac enable

    config vrrp

    edit 5

    set vrip 10.31.101.120

    set priority 50

    end

    end

Single-domain VRRP example

This example includes a VRRP domain consisting of two FortiGates that connect an internal network to the internet. As shown below, the internal network’s default route is 10.31.101.120.

The FortiGate port2 interfaces connect to the internal network. A VRRP virtual router is added to each FortiGate’s port2 interface. The virtual router IP address is 10.31.101.120 (the internal network’s default route) and the virtual router’s ID is 5. The VRRP priority of the primary router is set to 255 and the VRRP priority of the backup router is 50. The port2 interface of each FortiGate should have an IP address that is different from the virtual router IP address and the port2 interface IP addresses should be different from each other.

This example also includes enabling the VRRP virtual MAC address on both FortiGate port2 interfaces so that the VRRP domain uses the VRRP virtual MAC address.

Example VRRP configuration with two FortiGates

To configure the FortiGates for VRRP
  1. Select one of the FortiGates to be the primary VRRP router and the other to be the backup router.
  2. From the primary router CLI, enter the following command to enable the VRRP virtual MAC address on the port2 interface and add the VRRP virtual router to the port2 interface:

    config system interface

    edit port2

    set vrrp-virtual-mac enable

    config vrrp

    edit 5

    set vrip 10.31.101.120

    set priority 255

    end

    end

  3. From the backup router CLI, enter the following command to enable the VRRP virtual MAC address on the port2 interface and add the VRRP virtual router to the port2 interface:

    config system interface

    edit port2

    set vrrp-virtual-mac enable

    config vrrp

    edit 5

    set vrip 10.31.101.120

    set priority 50

    end

    end