I've done two FAZ VM and configured HA.
It seems that the cluster needs an L2 shared because it uses VRRP for cluster IP (to configure in the fortigates).
But the cluster synchronization is done also on geographic L3 link (it requires only the IP of the other FAZ and SN). The configuration sync is done on the port TCP 5199, while log sync is done in TCP 514. It is encrypted, but I don't think it is compressed.
All seems functional and very beautifull! Hope it works well in production too :) Cluster is up from 25 minutes, I've only one devices connected and few logs