Bcdudley
New Contributor

VRRP routing

Hello,

I have 2 Fortigate 300E's with layer 2 connectivity. They are both connected to a vlan. The vrrp part is working exactly as it should, where I can fail between them and the secondary takes over the gateway address and allows traffic to pass outbound.

 

The problem I am having is during normal operating mode, none of the networks on my secondary side are able to route to the vrrp network because the secondary Fortigate has an administrative distance of 0, but it does not hold the vrrp address.

 

I have tried to create a static route and assign it a distance of 10, but the monitor still shows 0. Any suggestions on how to get around this, or a better method for redundant sites?

Toshi_Esumi
Esteemed Contributor III

You probably didn't configure a unique IP on the vlan interface on both sides. I realize there are not so many sample configs from FTNT available for that part. But in the example below, 192.168.40.3/24 is configured on the interface, then 192.168.40.1/24 as "vrip". And the Cisco side has 192.168.40.2/24.

https://kb.fortinet.com/kb/documentLink.do?externalID=FD34844

When the FGT is standby, '.1' belongs to the Cisco but it still can send packets out toward the subnet. In the routing-table (get router info routing-table all), you still should see 192.168.40.0/24 as a "C"(Connected) route.
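
The addressing described in the reply above, written out for two FortiGates as an added example (not taken from the post or the linked KB article). The interface name "vlan40", the VRID, the priority values and the second unit's address 192.168.40.2 are assumptions; only 192.168.40.3/24 and the vrip 192.168.40.1 come from the reply.

```text
# --- FortiGate A (intended VRRP master) ---
config system interface
    edit "vlan40"
        # "vlan40" is a hypothetical interface name
        # Unique interface address for this unit; must differ from the vrip
        set ip 192.168.40.3 255.255.255.0
        config vrrp
            # VRID 1 is an assumption; it must match on both units
            edit 1
                # Shared virtual gateway address
                set vrip 192.168.40.1
                # Higher priority wins the master election (assumed value)
                set priority 200
            next
        end
    next
end

# --- FortiGate B (intended VRRP backup) ---
config system interface
    edit "vlan40"
        # Its own unique address in the same subnet (assumed value)
        set ip 192.168.40.2 255.255.255.0
        config vrrp
            edit 1
                # Same virtual address as unit A
                set vrip 192.168.40.1
                # Lower priority, stays backup while A is up (assumed value)
                set priority 100
            next
        end
    next
end
```

With a unique address on each unit, `get router info routing-table all` on the backup should list 192.168.40.0/24 as a "C" route even while the other unit holds 192.168.40.1, as the reply describes.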
