This article explains how to configure VRRP between a FortiGate unit and a Cisco router.
FortiOS firmware version 4.0 MR3
FortiOS firmware version 5.0.x
VRRP can only be configured in the CLI.
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.40.3 255.255.255.0
        set allowaccess ping ssh http
        set type physical
        set vrrp-virtual-mac enable
        config vrrp
            edit 40
                set vrip 192.168.40.1
            next
        end
end
Cisco router configuration:
Note: For authoritative guidance on configuring Cisco equipment, refer to the product documentation for that equipment. Fortinet Technical Support cannot provide assistance with the configuration, operation or troubleshooting of third-party equipment.
interface FastEthernet0/0
 ip address 192.168.40.2 255.255.255.0
 duplex auto
 speed auto
 vrrp 40 ip 192.168.40.1
When configuring VRRP, make sure the Group-ID is the same on both devices. In the FortiGate configuration this is the “edit 40” setting; on the Cisco router the same Group-ID is configured as “vrrp 40 ip…”. If these values do not match, VRRP will not negotiate correctly.
It is also important to ensure the following command is issued on the FortiGate network interface. This enables the VRRP virtual MAC address between the two devices:
set vrrp-virtual-mac enable
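The two checks above can be run against saved configuration text before the change goes live. The following is an added example, not Fortinet or Cisco code: the function names are hypothetical, the sample input is constructed from the configurations in this article, and the virtual MAC format comes from RFC 3768/5798 rather than from this page.

```python
import re

# Constructed sample input: this article's two configurations, VRRP-relevant lines only.
FORTIGATE_CFG = """config system interface
edit "port1"
set vrrp-virtual-mac enable
config vrrp
edit 40
set vrip 192.168.40.1
next
end
end"""
CISCO_CFG = """interface FastEthernet0/0
 vrrp 40 ip 192.168.40.1"""

def fortigate_vrrp(cfg):
    """Return ({group_id: virtual_ip}, virtual_mac_enabled) for a FortiGate interface block."""
    groups, vrid, in_vrrp, vmac = {}, None, False, False
    for tok in (line.split() for line in cfg.splitlines()):
        if tok[:2] == ["config", "vrrp"]:
            in_vrrp = True
        elif in_vrrp and tok[:1] == ["edit"]:
            vrid = int(tok[1])
        elif in_vrrp and tok[:2] == ["set", "vrip"]:
            groups[vrid] = tok[2]
        elif in_vrrp and tok[:1] == ["end"]:
            in_vrrp = False
        elif tok[:3] == ["set", "vrrp-virtual-mac", "enable"]:
            vmac = True
    return groups, vmac

def cisco_vrrp(cfg):
    """Return {group_id: virtual_ip} from 'vrrp <id> ip <addr>' lines."""
    return {int(g): ip for g, ip in re.findall(r"^[ \t]*vrrp (\d+) ip (\S+)", cfg, re.M)}

def virtual_mac(vrid):
    # IPv4 VRRP virtual MAC format from RFC 3768/5798 (assumption: not stated on this page).
    return "00:00:5e:00:01:%02x" % vrid

def check(fgt_cfg, ios_cfg):
    """List the differences between the two devices' VRRP settings."""
    fgt, vmac = fortigate_vrrp(fgt_cfg)
    ios = cisco_vrrp(ios_cfg)
    problems = [] if vmac else ["vrrp-virtual-mac not enabled on FortiGate interface"]
    for vrid in sorted(set(fgt) | set(ios)):
        if vrid not in fgt or vrid not in ios:
            problems.append("group %d configured on only one device" % vrid)
        elif fgt[vrid] != ios[vrid]:
            problems.append("group %d virtual IP differs: %s vs %s" % (vrid, fgt[vrid], ios[vrid]))
    return problems
```

An empty list from `check()` means the Group-ID and virtual IP agree on both sides; `virtual_mac(40)` gives the MAC address to look for in the ARP table of a neighbouring host.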
The following debug command will show the error below, when the Group-IDs do not match.