Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sgursimran
Staff
Staff

Created on ‎06-17-2025 10:02 PM

Article Id 396880

Technical Tip: VRRP hello timer advertises in milliseconds in v7.6.x causing VRRP to break

Description

This article describes a known-issue with VRRP on the FortiGate where the Advertisement Interval field (aka ‘adv-interval’) in the VRRP packet header is not being set correctly.
Scope FortiGate v7.6.x.
Solution

Before v7.6, VRRP’s Advertisement Interval was seconds-based and could be set from 1 to 255 seconds. In FortiOS 7.6.0 and later, VRRP was enhanced to allow the VRRP Advertisement Interval to be set in milliseconds (250 to 255000), which aligns with VRRP Version 3’s support for millisecond timers (see also: FortiGate 7.6 New Features – VRRP hello timer in milliseconds).

 

However, an issue currently exists where these millisecond timers are not correctly converted back to whole seconds when using the original VRRP Version 2. This can cause VRRP peerings to fail to establish due to mismatched timers.

Below is an example where the adv-interval is set to 2000, and the conversion is not correct as advertised in the packet capture.

 

vrrp 2000.png

 

This issue is tracked as part of Known Issue 1166008, and it will be resolved in v7.6.4 and the upcoming v8.0.
263
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.