Quick & Dirty FortiGate VRRP Config

Below is a basic example of a FortiGate VRRP Config used to provide failover between two FortiGate units. The same config can also be used to provide failover between a FortiGate and a Cisco but that is not covered here. The configs are split on a Primary/Secondary basis and differ slightly from each other in terms of the priority and the

Primary Firewall
config system interface
edit <LAN INTERFACE>
config vrrp
edit 10
     set vrip xxx.xxx.xxx.xxx
     set priority 255
     set status enable
     set preempt enable
end
set vrrp-virtual-mac enable
next
end

Secondary Firewall
config system interface
edit <LAN INTERFACE>
config vrrp
edit 10
     set vrip xxx.xxx.xxx.xxx
     set priority 100
     set status enable
end
set vrrp-virtual-mac enable
next
end
This config is provided with no guarantee that it will work in your environment and I accept no responsibility for misconfiguration or issues caused by using this example.
About Will Curtis 10 Articles
Network Engineer, Productivity Geek, Pretend Photographer & Lego Fanatic. Even heroes have a day job! Networks & telecom engineer with 16 years experience in the IT/Comms industry. Passionate about productivity and GTD methodologies. Amateur [Photo|Video]grapher & dreamer. Apple fan. Dad.

Be the first to comment

Leave a Reply

Your email address will not be published.


*