05-08-2012 01:58 PM
VRRP is not a routable protocol, and it is not the IP protocol, so an "ip any any" rule will not allow VRRP; this is the VRRP protocol and should be allowed.
Your FW should be configured in transparent mode, never in routing mode. It should even allow pass-through of STP traffic or any other Layer 2 protocol, like ARP. If not, VRRP will not pass through your FW, because VRRP packets can't be routed.
This is why you got both routers as master: because the FW blocks any VRRP traffic.
05-08-2012 02:08 PM
It was in transparent mode.
After looking through the different options on the firewall, my guess was either our Junipers aren't configured 100% properly or the Fortinet FortiGate firewall just wasn't 100% compatible with the Juniper M7i routers.
05-09-2012 03:09 AM
The only compatibility issue you may have is that the firewall didn't recognize some protocols, and you could not configure this to be allowed by the FW. But VRRP is a standard protocol; it could not have issues with this.
Anyway, try to configure ip any any, arp any any, icmp any any, vrrp any any rules; then both routers should work properly. You have to be able to telnet and ping from both routers to each other, and VRRP should work. If not, the firewall is not transparent.
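As an added diagnostic (not code from this thread or from either vendor), the check below parses raw Ethernet/IPv4 frames for VRRP advertisements (IP protocol 112 to 224.0.0.18) and reports which routers are advertising for each VRID; since only a master advertises, two senders for one VRID on the same segment is the "both routers are master" symptom described above. The capture is constructed inline, with checksums left zero, so it runs offline.

```python
import struct

VRRP_PROTO = 112            # IP protocol number assigned to VRRP (neither TCP nor UDP)
VRRP_MCAST = "224.0.0.18"   # link-local multicast group that carries VRRP advertisements

def parse_vrrp_frame(frame: bytes):
    """Return (src_ip, vrid, priority, ttl) for an Ethernet/IPv4 frame that
    carries a VRRP packet to the VRRP multicast group, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                                   # not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    ttl, proto = ip[8], ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    if proto != VRRP_PROTO or dst != VRRP_MCAST or len(ip) < ihl + 8:
        return None                                   # not a VRRP advertisement
    vrid, priority = ip[ihl + 1], ip[ihl + 2]         # VRRPv2 header: ver/type, VRID, priority
    return src, vrid, priority, ttl

def advertising_routers(frames):
    """Map VRID -> set of router IPs sending advertisements for it. Only the
    master sends advertisements, so two senders for one VRID on the same segment
    means the routers do not hear each other: both believe they are master."""
    seen = {}
    for adv in map(parse_vrrp_frame, frames):
        if adv is None or adv[2] == 0:                # priority 0 = master releasing the role
            continue
        seen.setdefault(adv[1], set()).add(adv[0])
    return seen

def build_vrrp_frame(src_ip, vrid, priority, ttl=255):
    """Constructed sample frame (checksums zeroed): Ethernet + IPv4 + VRRPv2 advertisement."""
    eth = bytes.fromhex("01005e000012" "00005e000101" "0800")     # dst MAC, src MAC, IPv4 ethertype
    vrrp = bytes([0x21, vrid, priority, 1, 0, 1, 0, 0])           # v2 ADVERTISEMENT, 1 addr, 1s interval
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in VRRP_MCAST.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(vrrp), 0, 0, ttl, VRRP_PROTO, 0, src, dst)
    return eth + ip + vrrp

# Constructed capture taken on one side of the firewall: both routers keep
# advertising VRID 1, which is the split-brain state the thread describes.
SAMPLE = [build_vrrp_frame("10.0.0.2", 1, 200), build_vrrp_frame("10.0.0.3", 1, 100),
          build_vrrp_frame("10.0.0.2", 1, 200)]

if __name__ == "__main__":
    print(advertising_routers(SAMPLE))   # {1: {'10.0.0.2', '10.0.0.3'}}
```

Run the same check on a capture from each side of the transparent firewall: if the master's advertisements appear on one side only, the firewall is dropping protocol 112.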