Description | This article discusses '# diag sys session stat' not showing the same session_count between clusters. |
Scope | 6.4 |
Solution |
To configure session synchronization between two clusters:
1) Configure the two clusters.
2) On cluster A, configure the peer IP for the interface:

    # config system interface
        edit "port5"
            set vdom "root"
            set ip 10.10.10.1 255.255.255.0
            set allowaccess ping https ssh snmp http telnet
        next
    end

In this example, cluster A uses port5 and its IP address, 10.10.10.1, is reachable from another cluster.
3) On cluster A, configure cluster and session synchronization:

    # config system cluster-sync
        edit 1
            set peerip 10.10.10.2
        next
    end

4) On cluster A, configure additional FGSP attributes as needed:

    # config system standalone-cluster
        set standalone-group-id 1
        set group-member-id 0
        set session-sync-dev <interface>
    end

The standalone-group-id must match between FGSP members. The group-member-id is unique for each FGCP cluster. session-sync-dev is an optional command to specify the interfaces to sync sessions.
5) On cluster B, configure the peer IP for the interface:

    # config system interface
        edit "port5"
            set vdom "root"
            set ip 10.10.10.2 255.255.255.0
            set allowaccess ping https ssh snmp http telnet
        next
    end

In this example, cluster B uses port5 and its IP address, 10.10.10.2, is reachable from another cluster.
6) On cluster B, configure cluster and session synchronization:

    # config system cluster-sync
        edit 1
            set peerip 10.10.10.1
        next
    end

7) On cluster B, configure additional FGSP attributes as needed:

    # config system standalone-cluster
        set standalone-group-id 1
        set group-member-id 1
        set session-sync-dev <interface>
    end
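The steps above set three values that have to line up across the two clusters: each peerip points at the other cluster's interface IP, standalone-group-id matches, and group-member-id is unique. The following is an added example, not Fortinet code, that checks those constraints over two saved configurations; the function names are hypothetical, the sample configs are constructed from the values in the steps, and the parser is a simplified regex over `set` lines rather than a full FortiOS config parser.

```python
import re

def sample_config(ip, peer, member_id):
    """Constructed sample config for one cluster, built from the steps above."""
    return f"""
config system interface
    edit "port5"
        set vdom "root"
        set ip {ip} 255.255.255.0
    next
end
config system cluster-sync
    edit 1
        set peerip {peer}
    next
end
config system standalone-cluster
    set standalone-group-id 1
    set group-member-id {member_id}
end
"""

def fgsp_settings(cfg):
    """Pull the FGSP-relevant 'set' values out of FortiOS config text."""
    def values(key):
        return re.findall(rf"^\s*set {re.escape(key)} (\S+)", cfg, re.M)
    return {"local_ips": set(values("ip")), "peer_ips": set(values("peerip")),
            "group_id": values("standalone-group-id"),
            "member_id": values("group-member-id")}

def check_pair(cfg_a, cfg_b):
    """Return a list of FGSP consistency problems (empty list means consistent)."""
    a, b = fgsp_settings(cfg_a), fgsp_settings(cfg_b)
    problems = []
    if not a["peer_ips"] & b["local_ips"]:
        problems.append("cluster A peerip is not an interface IP on cluster B")
    if not b["peer_ips"] & a["local_ips"]:
        problems.append("cluster B peerip is not an interface IP on cluster A")
    if not a["group_id"] or a["group_id"] != b["group_id"]:
        problems.append("standalone-group-id missing or mismatched")
    if not a["member_id"] or not b["member_id"] or a["member_id"] == b["member_id"]:
        problems.append("group-member-id missing or not unique")
    return problems

if __name__ == "__main__":
    cluster_a = sample_config("10.10.10.1", "10.10.10.2", 0)
    cluster_b = sample_config("10.10.10.2", "10.10.10.1", 1)
    print(check_pair(cluster_a, cluster_b) or "FGSP settings are consistent")
```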
Copyright 2024 Fortinet, Inc. All Rights Reserved.