FortiADC
shafiq23
Staff & Editor
Article Id: 408228
Description: This article describes floating IP support in FortiADC High Availability modes.
Scope: FortiADC.
Solution

A floating IP is a virtual IP address that can move between different nodes in a high-availability (HA) cluster.

Configuring network interfaces

In the FortiADC CLI interface configuration, the floating IP feature can be enabled and a floating IP address set regardless of the HA mode.

config system interface
    edit port1
        set floating enable
        set floating-ip 10.47.20.78
    next
end

For instance, the output below shows a FortiADC in Active-Passive mode with a floating IP configured.

(P) FortiADC-1 # get sys ha-status
Group ID: 10
Mode: active-passive
State: Primary

(P) FortiADC-1 # get sys interface port1
type : physical
dedicate-to-mgmt : disable
mode : static
vdom : root
redundant-master :
ip : 10.47.20.76/20
ip6 : ::/0
allowaccess : https ping ssh http telnet
mtu : 1500
speed : auto
status : up
retrieve_physical_hwaddr : disable
mac-addr : XX:XX:XX:XX:XX:XX
flow-sniffer : disable
wccp : disable
trust-ip : disable
secondary-ip : disable
ha-node-secondary-ip : disable
traffic-group :
floating : enable
floating-ip : 10.47.20.78
floating-ip6 : ::
recv-seg-offload-override : disable
send-seg-offload-override : disable

The connectivity test shows no response from the configured floating IP, which suggests it is not reachable on FortiADC or the network.

(P) FortiADC-1 # exe ping 10.47.20.78
PING 10.47.20.78 (10.47.20.78): 56 data bytes
Timeout ...
Timeout ...
Timeout ...
Timeout ...
Timeout ...

--- 10.47.20.78 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

The CLI output below shows that the floating IP address is not in the FortiADC IP list.

(P) FortiADC-1 # diagnose netlink ip list
IP=127.0.0.1 MASK=255.255.255.0 index=1 devname=lo
IP=127.129.1.1 MASK=255.255.255.255 index=1 devname=lo
IP=10.47.20.76 MASK=255.255.240.0 index=4 devname=port1
IP=169.254.29.1 MASK=255.255.0.0 index=19 devname=haport0

Solution:
Use Active/Active or Active/Active-VRRP HA mode. In these modes, the floating IP address is reachable and registered in the FortiADC IP list.

FortiADC-1 # get sys ha-status
Group ID: 10
Mode: active-active-vrrp
State: VRRP (Active)

FortiADC-1 # get sys interface port1
type : physical
dedicate-to-mgmt : disable
mode : static
vdom : root
redundant-master :
ip : 10.47.20.76/20
ip6 : ::/0
allowaccess : https ping ssh http telnet
mtu : 1500
speed : auto
status : up
retrieve_physical_hwaddr : disable
mac-addr : 00:70:72:65:1d:01
flow-sniffer : disable
wccp : disable
trust-ip : disable
secondary-ip : disable
ha-node-secondary-ip : disable
traffic-group :
floating : enable
floating-ip : 10.47.20.78
floating-ip6 : ::
recv-seg-offload-override : disable
send-seg-offload-override : disable

FortiADC-1 # execute ping 10.47.20.78
PING 10.47.20.78 (10.47.20.78): 56 data bytes
64 bytes from 10.47.20.78: icmp_seq=1 ttl=64 time=0.1 ms
64 bytes from 10.47.20.78: icmp_seq=2 ttl=64 time=0.0 ms
64 bytes from 10.47.20.78: icmp_seq=3 ttl=64 time=0.0 ms
64 bytes from 10.47.20.78: icmp_seq=4 ttl=64 time=0.0 ms
64 bytes from 10.47.20.78: icmp_seq=5 ttl=64 time=0.0 ms

--- 10.47.20.78 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.0/0.0/0.1 ms

FortiADC-1 # diagnose netlink ip list
IP=127.0.0.1 MASK=255.255.255.0 index=1 devname=lo
IP=127.129.1.1 MASK=255.255.255.255 index=1 devname=lo
IP=10.47.20.76 MASK=255.255.240.0 index=4 devname=port1
IP=10.47.20.78 MASK=255.255.255.255 index=4 devname=port1
IP=169.254.29.1 MASK=255.255.0.0 index=19 devname=haport0
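
The manual comparison above (configured floating-ip versus the addresses in diagnose netlink ip list) can be scripted over captured CLI output. The Python below is an added example, not Fortinet code; the function names are hypothetical, and the sample input is trimmed from the output shown in this article.

```python
import ipaddress
import re

def parse_kv(text):
    """Parse 'key : value' lines as printed by 'get sys ...' commands."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def bound_ips(ip_list_text):
    """Map each address in 'diagnose netlink ip list' output to its device."""
    pattern = r"IP=(\S+) MASK=\S+ index=\d+ devname=(\S+)"
    return {m[1]: m[2] for m in re.finditer(pattern, ip_list_text)}

def check_floating_ip(ha_status, iface_cfg, ip_list, port="port1"):
    """Return (state, ha_mode): 'not-configured', 'bound' or 'configured-not-bound'."""
    mode = parse_kv(ha_status).get("mode", "unknown")
    cfg = parse_kv(iface_cfg)
    if cfg.get("floating") != "enable" or not cfg.get("floating-ip"):
        return "not-configured", mode
    fip = str(ipaddress.ip_address(cfg["floating-ip"]))  # rejects malformed values
    state = "bound" if bound_ips(ip_list).get(fip) == port else "configured-not-bound"
    return state, mode

# Sample input: trimmed copies of the CLI output shown in this article.
IFACE = "ip : 10.47.20.76/20\nfloating : enable\nfloating-ip : 10.47.20.78\nfloating-ip6 : ::\n"
AP_HA = "Group ID: 10\nMode: active-passive\nState: Primary\n"
AP_IPS = """IP=127.0.0.1 MASK=255.255.255.0 index=1 devname=lo
IP=10.47.20.76 MASK=255.255.240.0 index=4 devname=port1
IP=169.254.29.1 MASK=255.255.0.0 index=19 devname=haport0
"""
VRRP_HA = "Group ID: 10\nMode: active-active-vrrp\nState: VRRP (Active)\n"
VRRP_IPS = AP_IPS + "IP=10.47.20.78 MASK=255.255.255.255 index=4 devname=port1\n"

if __name__ == "__main__":
    print(check_floating_ip(AP_HA, IFACE, AP_IPS))      # active-passive capture
    print(check_floating_ip(VRRP_HA, IFACE, VRRP_IPS))  # active-active-vrrp capture
```

A "configured-not-bound" result on a unit that is expected to answer on the floating IP is the condition this article describes.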


Related document:
Advantages of HA Active/Active-VRRP