SuperUser

Question

FortiWeb High Volume Active-Active HA and session pickup

Forum|Forum|7 months ago
November 4, 2025
5 replies
759 views

Hi FWB admins

In FortiWeb standard A-A HA I can see session pickup (in CLI), but not in high volume A-A HA, while I think this feature must be available here since HV A-A HA should keep the sessions on fail-over, as this is basic HA feature when the sessions are critical.

So is it implicitly enabled even not shown or it just doesn't exist in HV A-A HA?

FortiWEB

Anthony_E

Staff

Hello Abdelkrim,

I hope you are doing well :)!

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks

Best Regards

AEKAuthor

SuperUser

Hi Anthony

Thanks for your support!

AEK

Anthony_E

Staff

Hello Abdelkrim,

We are still looking for someone to help you.

We will come back to you ASAP.

Thanks,

Best Regards

Anthony_E

Staff

Hi,

In FortiWeb's high volume active-active HA mode, session synchronization (session pickup) is disabled by default. This mode allows each HA member to directly receive and process traffic independently, without relying on a central primary appliance.

To enable session synchronization, which ensures seamless session takeover but increases CPU and bandwidth consumption, you can use the CLI command:

Access the FortiWeb CLI.
Enter the command: set session-pickup in the system ha configuration.

For more detailed instructions, refer to the FortiWeb CLI Reference.

Best Regards

AEKAuthor

SuperUser

Hi Anthony

Thanks for your feedback, but unfortunately the command "set session-pickup" is not available in A-A HA mode :(

So I wonder if this functionality is implicit for A-A HA mode, or is it just not available.

AEK

muhaimifatihi

New Member

Hi,

This is what i understand on Active-Active High Volume. I refer to this link: https://docs.fortinet.com/document/fortiweb/8.0.2/administration-guide/815314/high-volume-active-active-ha-mode.

Session pickup is not available in High Volume Active-Active HA mode because of its distinct architectural design compared to the Standard Active-Active mode.

1. No central distributor:

In Standard mode, a primary unit sees all traffic and manages the distribution and session state for the cluster. In High Volume mode, this central management role (which facilitates session tracking and syncing) is removed to eliminate bottlenecks.

2. Independent processing via VIPs:

Because each appliance operates independently and handles its own traffic directly from the network (rather than having it handed off by a primary), there is no centralised session table to sync or pick up.

3. Failover mechanism:

The failover method described in the document is that a "backup appliance assumes the responsibility of handling traffic for the affected virtual IPs." This indicates a network-level failover (moving the VIP) rather than a session-level failover. Since the traffic processing is independent and not centrally distributed, the focus is on maintaining performance and latency rather than maintaining stateful session continuity across different appliances.

Thanks,

Muhaimi

AEKAuthor

SuperUser

Hi Muhaimi

Thanks for your feedback.

I understand also the same. However I'm still searching for an official response but can't find yet.

And I still hope there is session sync since there are some usage where the sessions are critical.

AEK

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded