FortiGate
sahmed_FTNT
Staff & Editor
Article Id 415563

 

Description: This article describes the VRRP configuration between FortiGate and Juniper devices.
Scope: FortiGate.
Solution:

VRRP can be configured between FortiGate and third-party network devices for traffic redundancy.

 

FortiGate Configuration:

 

config system interface
    edit "port19"
        set vdom "root"
        set ip 10.1.1.3 255.255.255.0
        set allowaccess ping https http
        set type physical
        set vrrp-virtual-mac enable
        config vrrp
            edit 10
                set version 2
                set vrgrp 10
                set vrip 10.1.1.1
                set priority 250
                set adv-interval 1
                set start-time 3
                set preempt enable
                set status enable
            next
        end
    next
end

    

Juniper Configuration:

 

root@R1# edit interfaces ge-0/0/0 unit 0 family inet address 10.1.1.2/24

 

VRRP Group:


[edit interfaces ge-0/0/0 unit 0 family inet address 10.1.1.2/24]
root@R1# set vrrp-group 10

 

VRRP IP:


[edit interfaces ge-0/0/0 unit 0 family inet address 10.1.1.2/24]
root@R1# set vrrp-group 10 virtual-address 10.1.1.1

 

VRRP Priority, Preemption, and Authentication:

 

[edit interfaces ge-0/0/0 unit 0 family inet address 10.1.1.2/24]
root@R1# set vrrp-group 10 priority 150
root@R1# set vrrp-group 10 preempt
root@Juniper-01# set vrrp-group 10 authentication-type simple

 

Command to accept traffic destined to the VRRP virtual address:

 

[edit interfaces ge-0/0/0 unit 0 family inet address 10.1.1.2/24]
root@R1# set vrrp-group 10 accept-data

 

Verification:

On Juniper:

 

root@R1> show vrrp
Interface     State     Group     VR state     Timer     Type     Address
ge-0/0/0       up         10       backup      A 1.052    lcl     10.1.1.2
                                                          vip     10.1.1.1

 

root@R1> show vrrp track detail
Tracked interface: ge-0/0/0
    State: up, Speed: 1g
    Incurred priority cost: 0
    Tracking VRRP interface: ge-0/0/0, Group: 10
        VR State: backup
        Current priority: 120, Configured priority: 250
        Priority hold-time: disabled

 

On FortiGate:

 

FortiGate # get router info vrrp
    Interface: port19, primary IP address: 10.1.1.3
    UseVMAC: 1, SoftSW: 0, BrPortIdx: 0, PromiscCount: 1
    HA mode: master (0:1)
    VRID: 10
    vrip: 10.1.1.1, priority: 250 (250,0), state: MASTER
    adv_interval: 1, preempt: 1, start_time: 3
    vrmac: 00:00:5e:00:01:03
    vrdst:
    vrgrp: 10

 

 

VRRP Debug Commands on FortiGate:

 

diagnose debug application vrrpd -1
diagnose debug enable
 
Stop the debug using the commands below:
 
diagnose debug disable 
diagnose debug reset
 
VRRP uses IP protocol number 112, and the packet sniffer can be run to capture VRRP multicast traffic for further analysis when needed.
 
diagnose sniffer packet any 'proto 112' 6 0 a
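To compare captured advertisements with the configuration above, the following added example (not part of the original article and not Fortinet or Juniper tooling) parses a VRRPv2 message taken from an IP protocol 112 payload and reports mismatches. The function names and the sample packet are constructed for illustration; the header layout, checksum, and TTL 255 rule follow RFC 3768, and the expected values are the ones configured on this page.

```python
import ipaddress
import struct

# Expected values from the FortiGate configuration on this page (version, vrgrp, adv-interval, vrip).
EXPECTED = {"version": 2, "vrid": 10, "adver_int": 1, "vips": ["10.1.1.1"]}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the VRRPv2 message (no pseudo-header)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(payload: bytes) -> dict:
    """Parse the VRRPv2 message carried as the payload of an IP protocol 112 packet."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    vt, vrid, prio, count, auth, adv, _ = struct.unpack("!BBBBBBH", payload[:8])
    if len(payload) < 8 + 4 * count + 8:  # header + addresses + 8-byte auth data
        raise ValueError("truncated address list or authentication data")
    vips = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"version": vt >> 4, "type": vt & 0x0F, "vrid": vrid, "priority": prio,
            "auth_type": auth, "adver_int": adv, "vips": vips,
            "checksum_ok": inet_checksum(payload) == 0}

def check_advert(payload: bytes, ttl: int, expected: dict = EXPECTED) -> list:
    """Compare one captured advertisement with the expected settings; [] means it matches."""
    adv = parse_advert(payload)
    findings = []
    if ttl != 255:  # receivers discard VRRP packets whose IP TTL is not 255
        findings.append(f"ttl is {ttl}, expected 255")
    if not adv["checksum_ok"]:
        findings.append("checksum is invalid")
    if adv["type"] != 1:
        findings.append(f"type is {adv['type']}, expected 1 (advertisement)")
    for key, want in expected.items():
        if adv[key] != want:
            findings.append(f"{key} is {adv[key]}, expected {want}")
    return findings

def build_advert(vrid, priority, vips, adver_int=1, auth_type=0) -> bytes:
    """Build a constructed sample advertisement so the checks run without a capture."""
    body = b"".join(ipaddress.IPv4Address(v).packed for v in vips) + bytes(8)
    head = struct.pack("!BBBBBB", 0x21, vrid, priority, len(vips), auth_type, adver_int)
    return head + struct.pack("!H", inet_checksum(head + b"\x00\x00" + body)) + body

if __name__ == "__main__":
    print(check_advert(build_advert(10, 250, ["10.1.1.1"]), ttl=255))  # constructed sample
```

Adding `auth_type` to the expected dictionary also flags a peer whose advertisements carry a different authentication type than the local side expects.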
 