Nivedha
Staff
Article Id 417698
Description This article describes a FortiGate session sync issue in which sessions do not sync properly between two FortiGates in a standalone cluster, resulting in session loss when the session owner is rebooted.
Scope FortiGate.
Solution

When FortiGates are in an FGSP cluster, one device is the session owner and shows the session with the synced flag, while the other device holds the synced copy and shows it with the syn_ses flag in its session list. See the Technical Tip: FGSP Configuration Guide for Session Sync and Config Sync article for the details.

To resolve the FortiGate session sync issue, follow these steps:

  1. Ensure that the FortiGates are configured in a standalone cluster with FortiGate Session Sync Protocol (FGSP) enabled.
  2. Verify that the session sync interface is configured correctly.
  3. Collect sniffer, debug flow, and session sync outputs from the firewalls:

diagnose sniffer packet any 'host x.x.x.x and host y.y.y.y' 4 0 l

On the device that holds the synced copy of the session (syn_ses), collect:

diagnose debug sessionsync -1
diagnose debug console timestamp enable
diagnose debug enable

On the device that is rebooted (the session owner), collect:

diagnose debug flow filter addr x.x.x.x
diagnose debug flow show iprope enable
diagnose debug flow trace start 1000
diagnose debug console timestamp enable
diagnose debug enable

Collect the output of the 'diagnose sys session sync' and 'diagnose sys session list' commands from both devices to troubleshoot the issue further. For background on how synced sessions are picked up after a failover, see the Session failover (session-pickup) documentation.
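As an added example that is not part of this article or of Fortinet's own tooling, the following Python script parses the 'diagnose sys session list' output captured from the owner and the peer and reports the sessions that would be lost if the owner rebooted: owner sessions that never got the synced flag, and synced owner sessions with no syn_ses copy on the peer. The flag names are the ones this article describes; the session list lines are constructed, abridged samples (real output has more lines per session), and sessions are matched on protocol plus the original source and destination of the dir=org hook line.

```python
import re
# Constructed, abridged samples shaped like 'diagnose sys session list' output (one block per session).
OWNER_SESSION_LIST = """\
session info: proto=6 proto_state=01 duration=12 expire=3588 timeout=3600
state=log may_dirty npu synced
hook=post dir=org act=snat 10.1.1.10:51234->203.0.113.20:443(198.51.100.5:51234)
serial=0000a1b2

session info: proto=6 proto_state=01 duration=4 expire=3596 timeout=3600
state=log may_dirty npu synced
hook=post dir=org act=snat 10.1.1.12:50001->203.0.113.21:443(198.51.100.5:50001)
serial=0000a1b4

session info: proto=17 proto_state=00 duration=3 expire=177 timeout=180
state=may_dirty
hook=post dir=org act=noop 10.1.1.11:40000->203.0.113.53:53(0.0.0.0:0)
serial=0000a1b3
"""
# The peer (constructed) holds only the first session as a synced copy (syn_ses).
PEER_SESSION_LIST = """\
session info: proto=6 proto_state=01 duration=12 expire=3588 timeout=3600
state=log may_dirty npu syn_ses
hook=post dir=org act=snat 10.1.1.10:51234->203.0.113.20:443(198.51.100.5:51234)
serial=0000c9d8
"""

SESSION_INFO = re.compile(r"^session info: proto=(\d+)", re.M)
STATE_LINE = re.compile(r"^state=(.*)$", re.M)
ORG_TUPLE = re.compile(r"dir=org act=\S+ (\d+\.\d+\.\d+\.\d+:\d+)->(\d+\.\d+\.\d+\.\d+:\d+)")

def parse_session_list(text):
    """Map (proto, original src, original dst) -> set of state flags, one entry per session block."""
    sessions = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        proto, tup = SESSION_INFO.search(block), ORG_TUPLE.search(block)
        if not proto or not tup:
            continue  # skip trailer lines such as 'total session N'
        state = STATE_LINE.search(block)
        flags = set(state.group(1).split()) if state else set()
        sessions[(int(proto.group(1)), tup.group(1), tup.group(2))] = flags
    return sessions

def check_sync(owner_text, peer_text):
    """Sessions the owner never synced, and synced ones that have no syn_ses copy on the peer."""
    owner, peer = parse_session_list(owner_text), parse_session_list(peer_text)
    never_synced = sorted(k for k, f in owner.items() if "synced" not in f)
    missing_on_peer = sorted(k for k, f in owner.items()
                             if "synced" in f and "syn_ses" not in peer.get(k, set()))
    return {"never_synced": never_synced, "missing_on_peer": missing_on_peer}
```

Run check_sync() on the two captured outputs; a non-empty missing_on_peer list is the condition this article describes and points at the sync interface or FGSP configuration checked in steps 1 and 2.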
