This article explains how to increase session-sync capability and performance on FortiGate SLBC clusters with chassis redundancy.
SLBC cluster with 2 chassis.
The session-sync daemon is used to share session information between master and slave FortiGate blades. By default, the FortiGate activates only one session-sync daemon.
When session-sync is enabled and the session rate is high, it is recommended to increase the number of session-sync daemons. This increases the number of processes available to handle session packets sent from the kernel.
This is configured on the FortiGate acting as config sync master:
config global
    config system ha
        set session-sync-daemon-number 10
    end
end
The default value is 1, the range is from 1 to 15.
With multiple session-sync daemons, the load can be shared between multiple CPUs.
Reminder: for an SLBC cluster, the other HA parameters are configured on the FortiController.
Settings on FortiController:
config system ha
    set chassis-redundancy enable
    set chassis-id 1
    [...]
end
config load-balance setting
    set session-sync enable
end
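To check exported configuration text against the values in this article, the following added example (not Fortinet code) parses nested config/end blocks and flags a daemon count outside 1-15, or a single daemon while session-sync is enabled on the FortiController. The function names and the sample configurations are constructed for illustration, and `edit`/`next` tables are not handled.

```python
DAEMON_MIN, DAEMON_MAX, DAEMON_DEFAULT = 1, 15, 1  # range and default stated in the article

def parse_config(text):
    """Return {block path tuple: {setting: value}} for nested config/end blocks."""
    blocks, path = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            path.append(line[len("config "):].strip())
            blocks.setdefault(tuple(path), {})
        elif line == "end":
            if not path:
                raise ValueError("'end' without a matching 'config'")
            path.pop()
        elif line.startswith("set ") and path:
            parts = line.split(None, 2)
            if len(parts) == 3:
                blocks[tuple(path)][parts[1]] = parts[2].strip()
    if path:
        raise ValueError("unterminated block: config " + path[-1])
    return blocks

def find_block(blocks, name):
    """Settings of the first block whose innermost name matches, at any depth."""
    for path, settings in blocks.items():
        if path[-1] == name:
            return settings
    return {}

def audit(fortigate_cfg, forticontroller_cfg):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    ha = find_block(parse_config(fortigate_cfg), "system ha")
    lb = find_block(parse_config(forticontroller_cfg), "load-balance setting")
    sync_on = lb.get("session-sync") == "enable"
    raw = ha.get("session-sync-daemon-number", str(DAEMON_DEFAULT))  # unset means default
    if not raw.isdecimal() or not DAEMON_MIN <= int(raw) <= DAEMON_MAX:
        findings.append(f"session-sync-daemon-number {raw!r} is outside {DAEMON_MIN}-{DAEMON_MAX}")
    elif sync_on and int(raw) == DAEMON_DEFAULT:
        findings.append("session-sync is enabled but only one session-sync daemon is configured")
    if not sync_on:
        findings.append("session-sync is not enabled on the FortiController")
    return findings

# Constructed sample inputs mirroring the snippets in this article.
FGT = "config global\n config system ha\n  set session-sync-daemon-number 10\n end\nend\n"
FCTRL = ("config system ha\n set chassis-redundancy enable\n set chassis-id 1\nend\n"
         "config load-balance setting\n set session-sync enable\nend\n")
print(audit(FGT, FCTRL) or "no findings")
```

The script cannot measure session rate, so a single-daemon finding is a prompt to check load rather than a fault in itself.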