FortiGate
arydlewski
Staff

Description
This article describes how to configure FGSP session synchronization between standalone chassis FortiGates.

Useful links:

Fortinet Documentation
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-high-availability/HA_standaloneConfi...


Scope
FortiGate v6.0.4, build 8385

 


Solution
Standalone session synchronization is deployed to synchronize sessions among multiple data centers.
The following is an example of standalone session synchronization between two data centers.

Use the following command to configure an FGSP HA cluster-sync instance:
# config system cluster-sync
    edit 1
        set peervd "mgmt-vdom"
        set peerip 10.10.10.1
        set syncvd "VDOM-1" "VDOM-2" "VDOM-3"
    next
end
 
HA configuration section:
# config system ha
    set session-pickup enable
    set session-pickup-connectionless enable
    set session-pickup-expectation enable
    set session-pickup-nat enable
    set override disable
end
Important note: To be confident that the configuration on both chassis matches, back up the primary node's configuration, adjust it to the secondary node's requirements (hostname, end-to-end IP address between the chassis, system cluster-sync addresses), and restore the prepared configuration file on the secondary node.
 
Verification:
Check and compare the sessions present on both nodes:
#diag sys session list
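
An added example (not part of the original article and not Fortinet tooling): a Python script that compares the original-direction tuples found in `diag sys session list` output saved from both nodes. The two captures are constructed and trimmed, and the line layout they assume (`session info: proto=`, `state=`, `hook=... dir=org ...`) should be checked against your own output.

```python
import re

# Constructed, trimmed captures of `diag sys session list` (assumed line layout).
NODE_A = """\
session info: proto=6 proto_state=01 duration=142 expire=3592 timeout=3600 use=3
state=log may_dirty synced
hook=post dir=org act=snat 10.1.100.11:56310->172.16.200.55:80(172.16.200.1:56310)
hook=pre dir=reply act=dnat 172.16.200.55:80->172.16.200.1:56310(10.1.100.11:56310)
session info: proto=17 proto_state=00 duration=5 expire=175 timeout=180 use=3
state=may_dirty
hook=post dir=org act=noop 10.1.100.12:40000->192.0.2.53:53(0.0.0.0:0)
total session 2
"""
NODE_B = """\
session info: proto=6 proto_state=01 duration=141 expire=3593 timeout=3600 use=3
state=log may_dirty synced
hook=post dir=org act=snat 10.1.100.11:56310->172.16.200.55:80(172.16.200.1:56310)
total session 1
"""

SESSION_RE = re.compile(r"^session info: proto=(\d+)")
# Original-direction tuple only; this pattern handles IPv4 addresses.
ORG_RE = re.compile(r"dir=org act=\S+ ([\d.]+:\d+)->([\d.]+:\d+)")

def parse_sessions(text):
    """Map (proto, src, dst) of each session to the flags on its state= line."""
    sessions, proto, flags = {}, None, frozenset()
    for line in text.splitlines():
        m = SESSION_RE.match(line)
        if m:  # start of a new session record
            proto, flags = int(m.group(1)), frozenset()
        elif line.startswith("state="):
            flags = frozenset(line[len("state="):].split())
        elif proto is not None:
            m = ORG_RE.search(line)
            if m:
                sessions.setdefault((proto, m.group(1), m.group(2)), flags)
    return sessions

def compare(a_text, b_text):
    """Report sessions seen on one node only, with their state flags."""
    a, b = parse_sessions(a_text), parse_sessions(b_text)
    return {
        "only_on_a": {k: sorted(a[k]) for k in a.keys() - b.keys()},
        "only_on_b": {k: sorted(b[k]) for k in b.keys() - a.keys()},
        "common": sorted(a.keys() & b.keys()),
    }

if __name__ == "__main__":
    print(compare(NODE_A, NODE_B))
```

Short-lived sessions can differ between two captures taken at different moments, so judge the result on long-lived flows.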

 
