FortiGate-7000F Handbook

FortiGate 7000F VRRP HA

FortiGate 7000F supports the Virtual Router Redundancy Protocol (VRRP), allowing you to configure VRRP HA between FortiGate 7000F data interfaces. You can also add a FortiGate 7000F data interface to a VRRP domain with other VRRP routers.

To set up FortiGate 7000F VRRP to provide HA for internet connectivity:

  1. Add a virtual VRRP router to the internal interface of each FortiGate 7000F and router that will be in the VRRP domain.
  2. Set the VRRP IP address of the domain to the internal network default gateway IP address.
  3. Give one of the VRRP domain members the highest priority so it becomes the primary router and give the others lower priorities so they become backup routers.

During normal operation, the primary VRRP router sends outgoing VRRP routing advertisements. Both the primary and backup VRRP routers listen for incoming VRRP advertisements from other routers in the VRRP domain. If the primary router fails, the new primary router takes over the role of the default gateway for the internal network and starts sending and receiving VRRP advertisements.
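The following check is an added example, not Fortinet code or part of the handbook: it parses an advertisement captured on the internal network and compares it with the domain configured in steps 1 to 3 (VRID, VRRP IP, member priorities). It assumes VRRPv2 framing as defined in RFC 3768; the member addresses, priorities, VRID and gateway IP are constructed sample values.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the VRRP message (RFC 3768)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid: int, priority: int, vip: str, interval: int = 1) -> bytes:
    """Construct a sample VRRPv2 advertisement to feed the parser."""
    body = struct.pack("!BBBBBBH", 0x21, vrid, priority, 1, 0, interval, 0)
    body += ipaddress.IPv4Address(vip).packed + bytes(8)  # VRRP IP + auth data
    return body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]

def parse_advert(payload: bytes) -> dict:
    """Parse and validate the VRRPv2 message carried in IP protocol 112."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    vt, vrid, prio, count, _auth, interval, _ = struct.unpack("!BBBBBBH", payload[:8])
    if vt != 0x21:  # version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    if len(payload) < 8 + 4 * count + 8:
        raise ValueError("truncated address list")
    if inet_checksum(payload) != 0:  # recomputing over a valid message yields 0
        raise ValueError("bad checksum")
    vips = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": prio, "vips": vips, "interval": interval}

def check_advert(src: str, payload: bytes, members: dict, vrid: int, gateway: str) -> list:
    """Compare one observed advertisement with the configured VRRP domain."""
    adv, findings = parse_advert(payload), []
    if adv["vrid"] != vrid or gateway not in adv["vips"]:
        findings.append("advertisement is for a different VRID or VRRP IP")
    if src not in members:
        findings.append(f"{src} is not a configured domain member")
    elif adv["priority"] != members[src]:
        findings.append(f"{src} sent priority {adv['priority']}, configured {members[src]}")
    # Highest priority wins; RFC 3768 breaks ties on the higher IP address.
    primary = max(members, key=lambda ip: (members[ip], ipaddress.IPv4Address(ip)))
    if src != primary:
        findings.append(f"{src} is advertising as primary, expected {primary}")
    return findings

# Constructed sample domain: source IP -> configured priority.
MEMBERS = {"10.31.101.1": 200, "10.31.101.2": 100}
VRID, GATEWAY = 5, "10.31.101.120"
```

An empty result means the advertisement came from the configured highest-priority member. After a failover, the "advertising as primary" finding is expected and names the router that took over.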

To see the VRRP status of the data interfaces that are operating as VRRP routers, go to Network > Interfaces on the GUI, right-click the column header, and add VRRP to the Selected Columns list.

You can use the following command to find information about VRRP state synchronization:

diagnose test application vrrpd {1 | 2 | 3 | 4 | 5}

1 resynchronize all FPMs from the primary FPM.

2 send a synchronize request from the current FPM.

3 show statistics.

4 clear all statistics.

5 clear packet age.

For more information about FortiOS VRRP, see FortiGate Handbook: VRRP.

Note

The FortiGate 7000F default VRRP flow rule sends all VRRP packets received from the network to the primary FPC. The primary FPC then handles all VRRP communications with the network and keeps the other FPCs synchronized by sending VRRP packets that it receives to the other FPCs.

FortiGate 7000F default VRRP flow rule:

config load-balance flow-rule
    edit 20
        set status enable
        set vlan 0
        set ether-type ip
        set protocol vrrp
        set action forward
        set forward-slot master
        set priority 6
        set comment "vrrp to primary blade"
    next
end
