Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
darisandy
Staff
Staff

Created on ‎12-23-2024 12:10 AM Edited on ‎12-23-2024 12:12 AM By Community Manager

Article Id 366222

Technical Tip: VRRP Role status on FortiGate Chassis 7000E

Description This article describes the VRRP Role status on FIM and FPM of FortiGate Chassis 7000E.
Scope FortiGate-7000E.
Solution

When VRRP is configured on certain interfaces, which unit becomes the VRRP Master can be assigned by configuring the priority.

 

Example.

 

  • Unit 1:

 

edit "To_Core"
    set ip 10.10.10.2 255.255.255.240
    set allowaccess ping
    set vrrp-virtual-mac enable
        config vrrp
            edit 150
                set vrgrp 500
                set vrip 10.10.10.1
                set priority 50
            next
          end
              set role lan
              set interface "1-A1"

          next

 

  • Unit 2:

 

edit "To_Core"

    set ip 10.10.10.3 255.255.255.240
    set allowaccess ping
    set vrrp-virtual-mac enable
        config vrrp
            edit 150
            set vrgrp 500
            set vrip 10.10.10.1
            set priority 150
            set vrdst 0.0.0.0
        next
      end
          set role lan
          set interface "1-A1"
      next

 

The VRRP Status

  •  Unit 1:

 

get router info vrrp
Slot: 2 Module SN: FIMaaaa
Interface: To_Core, primary IP address: 10.10.10.2
UseVMAC: 1, SoftSW: 0, BrPortIdx: 0, PromiscCount: 1
HA mode: primary (4:0:39) VRRP master number: 1
CHLB: slave (4:39)
VRID: 150 verion: 2
vrip: 10.10.10.1, priority: 50 (50,0), state: MASTER
adv_interval: 1, preempt: 1, ignore_dft: 0 start_time: 3
master_adv_interval: 100, accept: 1
vrmac: 00:00:5e:00:01:96
vrdst: 0.0.0.0
vrgrp: 500


Slot: 3 Module SN: FPMbbbb
Interface: To_Core, primary IP address: 10.10.10.2
UseVMAC: 1, SoftSW: 0, BrPortIdx: 0, PromiscCount: 0
HA mode: primary (4:0:39) VRRP master number: 0
CHLB: master (4:39)
VRID: 150 verion: 2
vrip: 10.10.10.1, priority: 50 (50,0), state: BACKUP
adv_interval: 1, preempt: 1, ignore_dft: 0 start_time: 3
master_adv_interval: 100, accept: 1
vrmac: 00:00:5e:00:01:96
vrdst: 0.0.0.0
vrgrp: 500

 

  • Unit 2:

 

Slot: 2 Module SN: FIMcccc
Interface: To_Core, primary IP address: 10.10.10.3
UseVMAC: 1, SoftSW: 0, BrPortIdx: 0, PromiscCount: 1
HA mode: primary (4:0:40) VRRP master number: 1
CHLB: slave (4:40)
VRID: 150 verion: 2
vrip: 10.10.10.1, priority: 150 (150,0), state: MASTER
adv_interval: 1, preempt: 1, ignore_dft: 0 start_time: 3
master_adv_interval: 100, accept: 1
vrmac: 00:00:5e:00:01:96
vrdst: 0.0.0.0
vrgrp: 500

Slot: 3 Module SN: FPMdddd
Interface: To_Core, primary IP address: 10.10.10.3
UseVMAC: 1, SoftSW: 0, BrPortIdx: 0, PromiscCount: 1
HA mode: primary (4:0:40) VRRP master number: 1
CHLB: master (4:40)
VRID: 150 verion: 2
vrip: 10.10.10.1, priority: 150 (150,0), state: MASTER
adv_interval: 1, preempt: 1, ignore_dft: 0 start_time: 3
master_adv_interval: 100, accept: 1
vrmac: 00:00:5e:00:01:96
vrdst: 0.0.0.0
vrgrp: 500

 

  • Unit 1 FIM module showing state as MASTER, even though it has a lower priority of 50.
  • The FPM module is showing the correct status as BACKUP.

 

This is an expected behavior, because of some hardware limitations on the FortiGate Chassis-7000E series.

Even though FIM shows the wrong status, the traffic will be processed accordingly based on FPM status.

 

69
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.