FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Sabk_FTNT
Staff
Staff
Description
This article explains how to increase session-sync capabilities and performances on FortiGate SLBC clusters with chassis redundancy.

Scope
SLBC cluster with 2 chassis.

Solution
The session-sync daemon is used to share session information between master and slave FortiGate blades.  By default the FortiGate activates only one session-sync-daemon.

When session-sync is enabled and the session rate is high , it is recommended to increase the number of session-sync daemons.  This will increase the number of processes to handle session packets sent from the kernel.

This is configured on the FortiGate acting as config sync master:
config global
        config system ha
            set session-sync-daemon-number 10
        end
end

The default value is 1, the range is from 1 to 15.

With multiple session-sync-daemon the load can be shared between multiple CPUs.

Reminder: For SLBC cluster other HA parameters are configured on FortiController.

Settings on FortiController:
config system ha
    set chassis-redundancy enable
    set chassis-id 1
    [...]
end

config load-balance setting
    set session-sync enable
end

Related Articles

Technical Note: HA session-sync-dev configuration

Contributors