Hi there,
Guys I am trying to set up a firewall into a VRRP. Currently I have only configured one firewall and given a priority of 255. When I see the status of the firewall it says it is a backup. The priority is 255 so I assume is should be a master. Am i missing anything ?
FortiGate-100F # get router info vrrp
Interface: x2, primary IP address: 10.108.0.2
UseVMAC: 1, SoftSW: 0, EmacVlan: 0 BrPortIdx: 0, PromiscCount: 0
HA mode: primary (0:0:1) VRRP primary number: 0
VRID: 1 verion: 2
vrip: 10.108.0.1, priority: 255 (255,20), state: BACKUP
adv_interval: 5, preempt: 1, ignore_dft: 0 start_time: 10
primary_adv_interval: 500, accept: 1
vrmac: 00:00:5e:00:01:01
vrdst: 10.50.50.109
vrgrp: 100
edit "x2"
set vdom "root"
set ip 10.108.0.2 255.255.255.248
set allowaccess ping https ssh
set type physical
set mediatype sr
set alias "Uplink to Core Switch"
set vrrp-virtual-mac enable
config vrrp
edit 1
set vrgrp 100
set vrip 10.108.0.1
set priority 255
set adv-interval 5
set start-time 10
set vrdst 10.50.50.109
set vrdst-priority 20
next
end
set snmp-index 20
set speed 10000full
Thanks
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If it's a new config, make sure the port on which you are configuring this is operational and status is UP.
Hi @Harmander
I pushed exactly the same config as yours and the state in MASTER.
FG # get router info vrrp
Interface: port6, primary IP address: 172.20.3.1
UseVMAC: 1, SoftSW: 0, BrPortIdx: 0, PromiscCount: 1
HA mode: master (0:0:1) VRRP master number: 1
VRID: 1 verion: 2
vrip: 10.108.0.1, priority: 20 (255,20), state: MASTER
adv_interval: 5, preempt: 1, ignore_dft: 0 start_time: 10
master_adv_interval: 500, accept: 1
vrmac: 00:00:5e:00:01:01
vrdst: 10.50.50.109
vrgrp: 100
Shouldn't be an issue as long as there aren't duplicate replies. Remember even if the gateway is only active on one side both upstream routers have valid paths back to the client.
If it's a new config, make sure the port on which you are configuring this is operational and status is UP.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1632 | |
1063 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.