FortiGate
sahmed_FTNT
Staff & Editor
Article Id 330301
Description

This article describes how to verify through the CLI that sessions are synchronized in an HA cluster.

 

During troubleshooting, it can be necessary to confirm that the current sessions on the Primary unit are in sync with the Secondary unit, so that failover is smooth.

Scope

FortiGate.

Solution

Note: If session-pickup is disabled in HA, sessions are not synchronized between the Primary and Secondary units.

 

When disabled:

 

FGT_Master (global) # config sys ha

FGT_Master (ha) # set session-pickup disable

FGT_Master (ha) # set session-pickup-connectionless disable

 


 

Note: At the time of failover, since the session information is not synchronized to the Secondary unit, the existing session traffic will get dropped due to 'no session matched'.

 

When enabled:

 

If session pickup is enabled, all sessions are synchronized across the devices in the HA cluster:

 

FGT_Master (global) # config sys ha

FGT_Master (ha) # set session-pickup enable

FGT_Master (ha) # set session-pickup-connectionless enable



 

Note: After enabling session pickup, the session information will be synchronized to the Secondary unit, with the Synched flag on the Primary and the sync_ses flag on the Secondary.
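
The flag check described in the note above can be automated over a session listing saved from each unit. The following is an added example, not part of the original article or Fortinet's own tooling. It assumes the listing was saved to text (for example from `diagnose sys session list`), that each entry starts with a "session info:" line followed by a "state=" line holding the flags, and that the caller passes in the flag name exactly as the unit prints it. The sample listing is constructed and simplified.

```python
import re
from collections import defaultdict

# Constructed, simplified sample of a saved session listing from the Primary.
# Assumed layout: a "session info:" line starts each entry, a "state=" line
# carries its flags, and a later line carries the src:port->dst:port flow.
SAMPLE_PRIMARY = """\
session info: proto=6 proto_state=01 duration=12 expire=3587
state=may_dirty Synched
hook=pre dir=org act=noop 10.0.0.5:51514->192.0.2.10:443(0.0.0.0:0)
session info: proto=6 proto_state=01 duration=3 expire=3596
state=may_dirty
hook=pre dir=org act=noop 10.0.0.6:40022->192.0.2.10:22(0.0.0.0:0)
session info: proto=17 proto_state=00 duration=1 expire=179
state=may_dirty Synched
hook=pre dir=org act=noop 10.0.0.7:5353->192.0.2.53:53(0.0.0.0:0)
"""

FLOW_RE = re.compile(r"([\d.]+:\d+)->([\d.]+:\d+)")

def parse_sessions(text):
    """Return one dict per session entry: proto number, flag set, first flow."""
    sessions = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("session info:"):
            proto = re.search(r"\bproto=(\d+)", line)
            sessions.append({"proto": int(proto.group(1)) if proto else None,
                             "flags": set(), "flow": None})
        elif sessions and line.startswith("state="):
            sessions[-1]["flags"] = {f.lower() for f in line[6:].split()}
        elif sessions and sessions[-1]["flow"] is None:
            flow = FLOW_RE.search(line)
            if flow:
                sessions[-1]["flow"] = "->".join(flow.groups())
    return sessions

def unsynced_by_proto(text, sync_flag):
    """Group flows whose state line lacks sync_flag (case-insensitive) by proto."""
    missing = defaultdict(list)
    for s in parse_sessions(text):
        if sync_flag.lower() not in s["flags"]:
            missing[s["proto"]].append(s["flow"])
    return dict(missing)

if __name__ == "__main__":
    # Flag name as written in the note above; pass whatever the unit prints.
    for proto, flows in unsynced_by_proto(SAMPLE_PRIMARY, "Synched").items():
        print(f"proto {proto}: {len(flows)} session(s) without the flag: {flows}")
```

Grouping by protocol number shows whether the sessions missing the flag are TCP (proto 6) or connectionless ones such as UDP (proto 17), which points at the relevant session-pickup setting.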