This article explains how to increase session-sync capability and performance on FortiGate SLBC clusters with chassis redundancy.
SLBC cluster with 2 chassis.
The session-sync daemon is used to share session information between master and slave FortiGate blades. By default, the FortiGate activates only one session-sync daemon.
When session-sync is enabled and the session rate is high, it is recommended to increase the number of session-sync daemons. This increases the number of processes available to handle session packets sent from the kernel.
This is configured on the FortiGate acting as config sync master:
config global
    config system ha
        set session-sync-daemon-number 10
    end
end
The default value is 1, the range is from 1 to 15.
With multiple session-sync daemons, the load can be shared between multiple CPUs.
Reminder: for an SLBC cluster, the other HA parameters are configured on the FortiController.
Settings on FortiController:
config system ha
    set chassis-redundancy enable
    set chassis-id 1
    [...]
end

config load-balance setting
    set session-sync enable
end