Skip to main content
Arzkaz2
Arzkaz2
New Member
May 20, 2026
Question

Fortinac 7.6 N+1 and backup IP

  • May 20, 2026
  • 1 reply
  • 27 views

Hi!

There is very general guide to use backup ip:

https://docs.fortinet.com/document/fortinac-f/7.6.0/n-1-failover-group-and-load-balancing/433478/option-2-using-backup-ip-for-n-1-failover-group

Not so well explained in that documentation.

What are the real differences of Shared and Independent mode?

 

This functionality also seems not to be finished yet(testing 7.6.6)?

 

For example:

If i test “shared” with this simple setup:

Result:

When primary is “running” and secondary is “standby”

Primary uses the backup address as secondary address in port1:

BUT, when secondary gets active after failover, it adds the IP address to the defined VLAN:
 


So is this expected? Why does primary use secondary address in port1, but secondary uses VLAN???

----

Then the “Indedpendent” mode:
 

RESULT:
When primary is active, backup IP doesn’t exist at all
 

 

BUT when the secondary node becomes active, it has the backup address as secondary address in port1:
 

This isn’t expected either?

 

 

And last:

If i remove shared configuration, backup ip is still living in ip addr output. Only reboot removes it…

AND 

CoA messages are not originated from the defined backup ip.

 

Any comments?

Or have I misunderstood something?

BR, A

    1 reply

    Arzkaz2
    Arzkaz2Author
    New Member
    May 20, 2026

    Now I’m rethinking: is this only “backup” IP, and NOT “VRRP”-type address, that is always assigned to active member.

    So in SWITCH side: Should I create 2 RADIUS servers, where 

    • First is the real address of primary
    • Second is the backup IP address

    ?

    I have imagined, that I can use only one address at switch for RADIUS (backup IP)...

     

    Terms & ConditionsAccessibility statement