GeoCluster with VRRP and link-monitor not working
Hi there,
I have one setup with 2 FortiGates with VRRP. Each FortiGate is located in a different datacenter.
There's one VRRP on WAN
There's one VRRP on LAN
VRRP is working perfectly. My issue is that I need to be able to track logical failures of this environment that would pretty much never bring an interface down due to physical issues (it's a datacenter).
I'm using VRGRP to group them, causing the other interface to fail together (if WAN fails, the LAN would fail too).
The VRDST option is documented to monitor the route to a destination IP, so for example if I configure vrdst=8.8.8.8, it would monitor whether the routing table (get router info routing-table database) has active routes to that destination. Once the route is removed, the VRDST would trigger a VRRP fail-over. So I also have to set up a link-monitor that would remove the 0.0.0.0/0 route from my routing table.
This scenario works perfectly for a fail-over. When 8.8.8.8 isn't reachable, the link-monitor removes the route 0.0.0.0/0, which triggers a VRRP fail-over due to the VRDST monitor; together with VRGRP, this would cause the WAN and LAN VRRPs to fail over everything. But when 8.8.8.8 is available again, the link-monitor seems to not be able to ping and it doesn't fall back.
Some additional info:
FortiOS Version: 5.2.3
VRRP alone works pretty fine detecting physical failures.
Using link-monitor to bring down interfaces just makes it worse.
If someone has any useful information about VRRP, link-monitor, VRDST or VRGRP, please share it here. I appreciate it.
Thanks in advance.
Luiz Alberto Camilo NCT São Paulo www.nct.com.br NSE-5 Expert
