Skip to main content
Fullmoon
Fullmoon
New Member
April 26, 2018
Question

VRRP vs HA

  • April 26, 2018
  • 1 reply
  • 11972 views

could somebody shed what would be the advantages of using VRRP over HA or vice versa?

 

I have lots of successful deployment of HA in the past and anyone could share docs configuring 2 fortigate for VRRP?

 

thanks in advance.

    1 reply

    Philippe_Gagne
    Philippe_Gagne
    New Member
    May 4, 2018

    Hi,

     

    In my mind, it's not for the same purpose. Anyway, here is what I think about this:

     

    HA: Hardware High-Availability with the option to use it "Active-Active". Devices must be the same model and version. No exception to it. But, I think you already know that! :)

     

    VRRP: Really a failover solution, no Active-Active option. Hardware can be different. It can be a Fortigate with a switch, another routeur's brand, etc. 

     

    A project I have right now: 2 x Fortigate 200E in Main Office with 1 x Fortigate 80E in a Recovery location. There a L2 optical fiber between them, different ISP on each location. VPN of all remotes brach offices will be terminated to Main and Recovery locations, if the Fortigate's HA crash, Fortigate 80E will takeover with VRRP and become the default gateway of the server VLAN. 

     

    Does it sound good? :)

     

    Philippe

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    May 4, 2018

    Just to stress the already mentioned points:

    HA is not only a hardware failover solution but a fully synchronized one - complete configuration, session table, routes etc. etc. And complete failover in 1-5 seconds (!).

     

    VRRP is used if

    1- the vendor has no HA solution

    or

    2- otherwise incompatible hardware needs to be secured for failover

    and

    3- minutes to fail over is acceptable

     

    IMHO geographical distance is NOT a reason against HA. A HA cluster of Fortigates can comprise more than 2 devices (even if that's not the default scenario). You can have a recovery site completely synchronized and fail over in seconds, with identical hardware of course. And, HA config is child's play. IMHO invalueable.

    emnoc
    emnoc
    New Member
    May 4, 2018

    To  add to Ede good post, VRRP is a solution if you had a FGt140D and FGT100D at a customer site  and need an "gateway available  solution "

     

    IMHO: it's not need to  use VRRP if you have like as-is  Hardware  ( model version support contract etc....)

     

    Ken

     

    Terms & ConditionsAccessibility statement