Skip to main content
darisandy
Staff
darisandy
Staff
December 23, 2024

Technical Tip: VRRP Role status on FortiGate Chassis 7000E

  • December 23, 2024
  • 0 replies
  • 342 views
Description This article describes the VRRP Role status on FIM and FPM of FortiGate Chassis 7000E.
Scope FortiGate-7000E.
Solution

When VRRP is configured on certain interfaces, which unit becomes the VRRP Master can be assigned by configuring the priority.

 

Example.

 

  • Unit 1:

 

edit "To_Core"
    set ip 10.10.10.2 255.255.255.240
    set allowaccess ping
    set vrrp-virtual-mac enable
        config vrrp
            edit 150
                set vrgrp 500
                set vrip 10.10.10.1
                set priority 50
            next
          end
              set role lan
              set interface "1-A1"

          next

 

  • Unit 2:

 

edit "To_Core"

    set ip 10.10.10.3 255.255.255.240
    set allowaccess ping
    set vrrp-virtual-mac enable
        config vrrp
            edit 150
            set vrgrp 500
            set vrip 10.10.10.1
            set priority 150
            set vrdst 0.0.0.0
        next
      end
          set role lan
          set interface "1-A1"
      next

 

The VRRP Status

  •  Unit 1:

 

get router info vrrp
Slot: 2 Module SN: FIMaaaa
Interface: To_Core, primary IP address: 10.10.10.2
UseVMAC: 1, SoftSW: 0, BrPortIdx: 0, PromiscCount: 1
HA mode: primary (4:0:39) VRRP master number: 1
CHLB: slave (4:39)
VRID: 150 verion: 2
vrip: 10.10.10.1, priority: 50 (50,0), state: MASTER
adv_interval: 1, preempt: 1, ignore_dft: 0 start_time: 3
master_adv_interval: 100, accept: 1
vrmac: 00:00:5e:00:01:96
vrdst: 0.0.0.0
vrgrp: 500


Slot: 3 Module SN: FPMbbbb
Interface: To_Core, primary IP address: 10.10.10.2
UseVMAC: 1, SoftSW: 0, BrPortIdx: 0, PromiscCount: 0
HA mode: primary (4:0:39) VRRP master number: 0
CHLB: master (4:39)
VRID: 150 verion: 2
vrip: 10.10.10.1, priority: 50 (50,0), state: BACKUP
adv_interval: 1, preempt: 1, ignore_dft: 0 start_time: 3
master_adv_interval: 100, accept: 1
vrmac: 00:00:5e:00:01:96
vrdst: 0.0.0.0
vrgrp: 500

 

  • Unit 2:

 

Slot: 2 Module SN: FIMcccc
Interface: To_Core, primary IP address: 10.10.10.3
UseVMAC: 1, SoftSW: 0, BrPortIdx: 0, PromiscCount: 1
HA mode: primary (4:0:40) VRRP master number: 1
CHLB: slave (4:40)
VRID: 150 verion: 2
vrip: 10.10.10.1, priority: 150 (150,0), state: MASTER
adv_interval: 1, preempt: 1, ignore_dft: 0 start_time: 3
master_adv_interval: 100, accept: 1
vrmac: 00:00:5e:00:01:96
vrdst: 0.0.0.0
vrgrp: 500

Slot: 3 Module SN: FPMdddd
Interface: To_Core, primary IP address: 10.10.10.3
UseVMAC: 1, SoftSW: 0, BrPortIdx: 0, PromiscCount: 1
HA mode: primary (4:0:40) VRRP master number: 1
CHLB: master (4:40)
VRID: 150 verion: 2
vrip: 10.10.10.1, priority: 150 (150,0), state: MASTER
adv_interval: 1, preempt: 1, ignore_dft: 0 start_time: 3
master_adv_interval: 100, accept: 1
vrmac: 00:00:5e:00:01:96
vrdst: 0.0.0.0
vrgrp: 500

 

  • Unit 1 FIM module showing state as MASTER, even though it has a lower priority of 50.
  • The FPM module is showing the correct status as BACKUP.

 

This is an expected behavior, because of some hardware limitations on the FortiGate Chassis-7000E series.

Even though FIM shows the wrong status, the traffic will be processed accordingly based on FPM status.

 

    Terms & ConditionsCookie settingsAccessibility statement