Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AEK
SuperUser
SuperUser

Created on ‎11-04-2025 12:28 AM

FortiWeb High Volume Active-Active HA and session pickup

Hi FWB admins

In FortiWeb standard A-A HA I can see session pickup (in CLI), but not in high volume A-A HA, while I think this feature must be available here since HV A-A HA should keep the sessions on fail-over, as this is basic HA feature when the sessions are critical.

So is it implicitly enabled even not shown or it just doesn't exist in HV A-A HA?

AEK
AEK
Labels:
287
0 Kudos
7 REPLIES 7
Anthony_E
Community Manager
Community Manager

Created on ‎11-06-2025 10:34 PM

Hello Abdelkrim,

 

I hope you are doing well :)!


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks

Anthony-Fortinet Community Team.
252
0 Kudos
AEK
SuperUser
SuperUser
In response to Anthony_E

Created on ‎11-08-2025 11:56 AM

Hi Anthony

Thanks for your support!

AEK
AEK
232
Anthony_E
Community Manager
Community Manager

Created on ‎11-11-2025 10:42 PM

Hello Abdelkrim,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Thanks,

Anthony-Fortinet Community Team.
212
Anthony_E
Community Manager
Community Manager

Created on ‎11-13-2025 12:35 AM

Hi,

 

In FortiWeb's high volume active-active HA mode, session synchronization (session pickup) is disabled by default. This mode allows each HA member to directly receive and process traffic independently, without relying on a central primary appliance.

To enable session synchronization, which ensures seamless session takeover but increases CPU and bandwidth consumption, you can use the CLI command:

  1. Access the FortiWeb CLI.
  2. Enter the command: set session-pickup in the system ha configuration.

For more detailed instructions, refer to the FortiWeb CLI Reference.

Anthony-Fortinet Community Team.
198
AEK
SuperUser
SuperUser
In response to Anthony_E

Created on ‎11-13-2025 12:43 AM

Hi Anthony

Thanks for your feedback, but unfortunately the command "set session-pickup" is not available in A-A HA mode :(

So I wonder if this functionality is implicit for A-A HA mode, or is it just not available.

AEK
AEK
193
0 Kudos
muhaimifatihi
New Contributor II

Created on ‎11-20-2025 08:54 PM

Hi,

 

This is what i understand on Active-Active High Volume. I refer to this link: https://docs.fortinet.com/document/fortiweb/8.0.2/administration-guide/815314/high-volume-active-act....

 

Session pickup is not available in High Volume Active-Active HA mode because of its distinct architectural design compared to the Standard Active-Active mode.

 

1. No central distributor:

In Standard mode, a primary unit sees all traffic and manages the distribution and session state for the cluster. In High Volume mode, this central management role (which facilitates session tracking and syncing) is removed to eliminate bottlenecks.

2. Independent processing via VIPs:

Because each appliance operates independently and handles its own traffic directly from the network (rather than having it handed off by a primary), there is no centralised session table to sync or pick up.

3. Failover mechanism:

The failover method described in the document is that a "backup appliance assumes the responsibility of handling traffic for the affected virtual IPs." This indicates a network-level failover (moving the VIP) rather than a session-level failover. Since the traffic processing is independent and not centrally distributed, the focus is on maintaining performance and latency rather than maintaining stateful session continuity across different appliances.

 

SCR-20251121-loms.png

 

Thanks,

Muhaimi

94
AEK
SuperUser
SuperUser

Created on ‎11-23-2025 07:17 AM

Hi Muhaimi

Thanks for your feedback.

I understand also the same. However I'm still searching for an official response but can't find yet.

And I still hope there is session sync since there are some usage where the sessions are critical.

AEK
AEK
64
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.