Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Sabk_FTNT
Staff
Staff

Created on ‎06-29-2017 12:54 AM

Article Id 195487

Technical Note: How to increase session-sync performance on a SLBC cluster

Description
This article explains how to increase session-sync capabilities and performances on FortiGate SLBC clusters with chassis redundancy.

Scope
SLBC cluster with 2 chassis.

Solution
The session-sync daemon is used to share session information between master and slave FortiGate blades.  By default the FortiGate activates only one session-sync-daemon.

When session-sync is enabled and the session rate is high , it is recommended to increase the number of session-sync daemons.  This will increase the number of processes to handle session packets sent from the kernel.

This is configured on the FortiGate acting as config sync master:
config global
        config system ha
            set session-sync-daemon-number 10
        end
end

The default value is 1, the range is from 1 to 15.

With multiple session-sync-daemon the load can be shared between multiple CPUs.

Reminder: For SLBC cluster other HA parameters are configured on FortiController.

Settings on FortiController:
config system ha
    set chassis-redundancy enable
    set chassis-id 1
    [...]
end

config load-balance setting
    set session-sync enable
end

Related Articles

Technical Note: HA session-sync-dev configuration

Labels:
2088
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.