aagrafi
Contributor II

Joining two FortiGate clusters with VRRP

Hello,

Can we build two separate clusters with FortiGates and join them with VRRP, so that when the first cluster (primary cluster) goes down, the second cluster (secondary cluster) takes over?

 

The reason I'm asking is that we want to extend an existing cluster, but the FortiGates we have are not the same model as those in the cluster.

 

Thanks

Toshi_Esumi
SuperUser

I don't see a reason for it not to work. It should be the same as setting up VRRP between a single FGxx and another single FGyy, as long as VRRP is configurable on the interface (it can't be configured directly on a virtual-switch/switch-interface, if the model supports them).

emnoc
Esteemed Contributor III

That should be doable, but beware of asymmetric traffic issues between the two different clusters; VRRP has been problematic in earlier FortiOS versions. I would stay away from VRRP at all costs, and be aware of any hosts that don't handle GARP very well, or at all.

 

If you truly have two separate clusters, e.g.:

FGT XYZ: master1 and slave1, VRRP group, priority 120

FGT LMN: master2 and slave2, VRRP group, priority 90

and want to do VRRP between the two, that should be doable (never seen it done, though).

 

 

Typically you don't mix HA protocols, and I have only used VRRP when we needed HA and the two models DID NOT match. But I have never seen anyone try to do VRRP from one cluster to another.

 

 

 

Ken

PCNSE NSE StrongSwan
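The two-router layout sketched above (priority 120 on one cluster, priority 90 on the other) expressed as FortiOS CLI, as an added example that is not part of any post in this thread. Interface name, addresses and the monitored upstream address are placeholders chosen for illustration; it assumes each block is entered on the primary unit of its own FGCP cluster and synced to that cluster's secondary, so that exactly one VRRP router is active per cluster at any time.

```text
# Cluster XYZ (intended VRRP master) - assumed interface "port1"
config system interface
    edit "port1"
        set ip 192.0.2.2 255.255.255.0
        set allowaccess ping
        # Use the VRRP virtual MAC (00-00-5E-00-01-<vrid>) instead of the
        # physical MAC so failover does not depend on hosts honouring GARP.
        set vrrp-virtual-mac enable
        config vrrp
            edit 1                          # vrid - must match on both clusters
                set vrip 192.0.2.1          # shared virtual IP hosts use as gateway
                set priority 120            # higher wins master election
                set adv-interval 1          # seconds between advertisements
                set preempt enable          # reclaim master when this cluster returns
                set accept-mode enable      # let the master answer ping to the VRIP
                set vrdst 198.51.100.1      # placeholder upstream; unreachable -> backup
            next
        end
    next
end

# Cluster LMN (intended VRRP backup) - same vrid, same VRIP, lower priority
config system interface
    edit "port1"
        set ip 192.0.2.3 255.255.255.0
        set allowaccess ping
        set vrrp-virtual-mac enable
        config vrrp
            edit 1
                set vrip 192.0.2.1
                set priority 90
                set adv-interval 1
                set preempt enable
                set accept-mode enable
                set vrdst 198.51.100.1
            next
        end
    next
end

# Verify which cluster currently holds the VRIP (run on either primary unit):
get router info vrrp
```

Points a practitioner would check before relying on this: the vrid and VRIP must be identical on both clusters and the priorities must differ, otherwise both sides can end up master; `vrdst` only demotes the master when the monitored address becomes unreachable, so it should point at something the backup cluster can also reach, or the backup will be demoted for the same reason; and because nothing in this configuration synchronises sessions or policy between the two clusters, return traffic for flows started through cluster XYZ may be dropped by cluster LMN after a failover.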
aagrafi

Thanks for the responses. My customer already has a running cluster with 2x FortiGates which are EoS, so we can't add a third member to the cluster. That's why I'm thinking of setting up a second cluster with different FGs and making the two clusters speak VRRP to each other. Can you think of some other way I could do such a thing?

ede_pfau

I do.

Instead of building a 3-member HA cluster, apply for the EoL TradeUp program and get 2 new FGTs. Adding members to an HA cluster has limited benefits in regard to throughput. It's good for redundancy, but that's about it.

Besides, when the hardware is EoS, the contracts will fade out too. What then?


Ede


"Kernel panic: Aiee, killing interrupt handler!"
aagrafi

I'm afraid this cannot be done, because this is a public sector project and no trade-up is accepted due to bureaucratic constraints...

emnoc
Esteemed Contributor III

Ede has the right approach.

 

1) You are concerned about HA. 2) You have different models. 3) EoS/EoL, blah blah. (These are all good points.)

 

Escalate the above to your purchasing department and director with the business impact as to why you need to refresh. Use the above points and the TCO and impact if the systems are not upgraded. A proper enterprise business should be aware that most systems need to be refreshed every 3-5 years due to many factors:

 

 

 

  • performance (bandwidth, reliability, redundancy, etc.)
  • security (SSL vulnerabilities, the need for SSH/SSL inspection)
  • features (UTM, advanced next-gen firewall)
  • lack of support (EoS)
  • etc.

If you have smart decision makers, they should easily understand the above.

FWIW, the Fortinet channel partners can work with you on ANY cost savings and offer any trade-in credit that FTNT has. They only want to sell you hardware and will do what it takes to get a sale ;)

Ken

PCNSE NSE StrongSwan
ede_pfau

Before saying no, do you know how big the discount is in the TradeUp program?

(In Europe, 38% on hardware and bundles, 30% on FortiCare and renewals.)

     

This alone should be a good argument; add the vanishing support in the near future and you have valid points to make, in comparison to buying 2 smaller FGTs now.

     

Back to your question:

VRRP should work, but as it is uncommon in this scenario it's not extensively documented. You will only benefit from the virtual WAN IP, though: no session failover, a longer time to fail over, no config sync. It's so limited you could get away with manually switching to a backup FGT.

If the budget really is faint or nonexistent, then why not live with one cluster for the time it takes to gather a budget? One FGT can die (though it's not very probable), but a whole cluster can survive a long time. I cannot see the urgency to fail-protect the existing installation on the one hand, and the low-budget argument on the other.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
MikePruett
Valued Contributor

I have worked with several local, state, and federal agencies that were more than OK with doing a trade-up once we mentioned the advantages it provided.

Mike Pruett Fortinet GURU | Fortinet Training Videos