The preempt setting in VRRP determines whether a FortiGate with a higher priority can take over as the primary device when it becomes available.

- Preempt Enabled: If preempt is enabled, the FortiGate with a higher priority will take over as the primary device when it becomes available.
- Preempt Disabled: If preempt is disabled, the FortiGate with a higher priority will not take over as the primary device and will remain as the backup device. This helps avoid unnecessary failovers and network flaps.

VRRP can also be used between a FortiGate and third-party devices to maintain high availability. In this setup, two FortiGate devices are used.

Site A:

```
config system interface
    edit "port19"
        set vdom "root"
        set ip 192.168.168.11 255.255.255.0
        set allowaccess ping https http
        set type physical
        set vrrp-virtual-mac enable
        set snmp-index 19
        config vrrp
            edit 10
                set vrgrp 10
                set vrip 192.168.168.15
                set priority 150
                set preempt disable
            next
        end
    next
end
```

Site B:

```
config system interface
    edit "port19"
        set vdom "root"
        set ip 192.168.168.10 255.255.255.0
        set allowaccess ping https http
        set type physical
        set vrrp-virtual-mac enable
        set snmp-index 19
        config vrrp
            edit 10
                set vrgrp 10
                set vrip 192.168.168.15
                set priority 250
                set preempt disable
            next
        end
    next
end
```

Before the failover, Site B is the primary unit with priority 250:
```
SiteB # get router info vrrp
Interface: port19, primary IP address: 192.168.168.10
  UseVMAC: 1, SoftSW: 0, EmacVlan: 0 BrPortIdx: 0, PromiscCount: 1
  HA mode: primary (0:0:1)
  VRRP primary number: 1
  VRID: 10 verion: 2
    vrip: 192.168.168.15, priority: 250 (250,0), state: PRIMARY
    adv_interval: 1, preempt: 0, ignore_dft: 0 start_time: 3
    primary_adv_interval: 100, accept: 1
    vrmac: 00:00:5e:00:01:0a
    vrdst:
    vrgrp: 10
```

Site A is the backup with priority 150:

```
Site-A # get router info vrrp
Interface: port19, primary IP address: 192.168.168.11
  UseVMAC: 1, SoftSW: 0, EmacVlan: 0 BrPortIdx: 0, PromiscCount: 0
  HA mode: primary (0:0:1)
  VRRP primary number: 0
  VRID: 10 verion: 2
    vrip: 192.168.168.15, priority: 150 (150,0), state: BACKUP
    adv_interval: 1, preempt: 0, ignore_dft: 0 start_time: 3
    primary_adv_interval: 100, accept: 1
    vrmac: 00:00:5e:00:01:0a
    vrdst:
    vrgrp: 10
```

Bring down the VRRP interface on the primary device to simulate a failover. Site A takes over as the primary:

```
Site-A # get router info vrrp
Interface: port19, primary IP address: 192.168.168.11
  UseVMAC: 1, SoftSW: 0, EmacVlan: 0 BrPortIdx: 0, PromiscCount: 1
  HA mode: primary (0:0:1)
  VRRP primary number: 1
  VRID: 10 verion: 2
    vrip: 192.168.168.15, priority: 150 (150,0), state: PRIMARY
    adv_interval: 1, preempt: 0, ignore_dft: 0 start_time: 3
    primary_adv_interval: 100, accept: 1
    vrmac: 00:00:5e:00:01:0a
    vrdst:
    vrgrp: 10
```

Now re-enable the VRRP interface on the original primary device. Site B comes back in the backup state:

```
SiteB # get router info vrrp
Interface: port19, primary IP address: 192.168.168.10
  UseVMAC: 1, SoftSW: 0, EmacVlan: 0 BrPortIdx: 0, PromiscCount: 0
  HA mode: primary (0:0:1)
  VRRP primary number: 0
  VRID: 10 verion: 2
    vrip: 192.168.168.15, priority: 250 (250,0), state: BACKUP
    adv_interval: 1, preempt: 0, ignore_dft: 0 start_time: 3
    primary_adv_interval: 100, accept: 1
    vrmac: 00:00:5e:00:01:0a
    vrdst:
    vrgrp: 10
```

Because the preempt option is disabled, Site A is the primary unit for the traffic and remains the primary until the next failover happens.
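The by-eye comparison of the two units can be scripted. This Python sketch is an added example, not Fortinet code: it parses the `get router info vrrp` fields shown on this page for each unit and reports who is primary, flagging a higher-priority unit held in backup by disabled preempt, two primaries, or none. The function names and trimmed sample strings are constructed for illustration, and one VRRP group per unit is assumed.

```python
import re

# Fields as they appear in the `get router info vrrp` output on this page.
FIELDS = re.compile(
    r"VRID: (?P<vrid>\d+).*?vrip: (?P<vrip>[\d.]+), priority: (?P<prio>\d+)"
    r".*?state: (?P<state>\w+).*?preempt: (?P<preempt>\d)", re.S)

def parse_vrrp(text):
    """Return one dict per VRRP group found in the CLI output."""
    return [{"vrid": int(m["vrid"]), "vrip": m["vrip"],
             "priority": int(m["prio"]), "state": m["state"],
             "preempt": m["preempt"] == "1"} for m in FIELDS.finditer(text)]

def assess(units):
    """units: {name: group dict} for one VRID. Returns (primaries, findings)."""
    primaries = sorted(n for n, g in units.items() if g["state"] == "PRIMARY")
    findings = []
    if len(primaries) > 1:
        findings.append("split-brain: more than one PRIMARY for the same VRID")
    elif not primaries:
        findings.append("no PRIMARY: the virtual IP is not being served")
    else:
        top = max(units, key=lambda n: units[n]["priority"])
        if top != primaries[0] and units[top]["preempt"]:
            findings.append(f"{top} has preempt enabled but is not PRIMARY")
        elif top != primaries[0]:
            findings.append(
                f"{top} has higher priority but stays BACKUP (preempt disabled)")
    return primaries, findings

def check(outputs):
    """outputs: {unit name: raw CLI text}; uses the first group of each unit."""
    return assess({name: parse_vrrp(text)[0] for name, text in outputs.items()})

# Constructed input: the relevant lines of the output above, after Site B
# was re-enabled and came back as backup.
SITE_A = """VRID: 10 verion: 2
    vrip: 192.168.168.15, priority: 150 (150,0), state: PRIMARY
    adv_interval: 1, preempt: 0, ignore_dft: 0 start_time: 3"""
SITE_B = """VRID: 10 verion: 2
    vrip: 192.168.168.15, priority: 250 (250,0), state: BACKUP
    adv_interval: 1, preempt: 0, ignore_dft: 0 start_time: 3"""

if __name__ == "__main__":
    primaries, findings = check({"Site-A": SITE_A, "SiteB": SITE_B})
    print("primary:", primaries)
    for finding in findings:
        print("note:", finding)
```
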
Related documents:

- Preempt mode
- Technical Tip: FortiGate VRRP configuration and debug