Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
firdausi12
New Contributor III

Created on ‎08-07-2023 07:53 AM

HA Between Different Datacenters

Hello Team,

We have 2 datacenters across different states (kano / abuja) and we want to deploy one of our HA Availability each to different  locations due to redundancy.  Please keep in mind we have a VPN tunnel accross.

Please i need someone to help and guide me on how to achieve that in steps .

 

Regards,

Firdausi Nababa

FN
FN
Labels:
915
0 Kudos
2 REPLIES 2
rvijayaraj
Staff
Staff

Created on ‎08-07-2023 08:09 AM

Hi , 

There are few configuration which needs to enabled when setting up a HA in a ipsec vpn configured firewalls as below : 

1. session-pickup under HA settings

config vpn ipsec phase1-interface 

edit (vpn-name) 

set ha-sync-esp-seqno enable 

end

 

 

2. ha-sync-esp-seqno under IPsec phase1-interface settings 

config system ha

set session-pickup enable 

end

 

The below docs will help you in understanding the requirement for enabling the commands : 

 

https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/111309/ipsec-vpn-in-an-ha-environment

https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-VPN-in-HA-Environment/ta-p/195849

 

Regards,

Roshan 

 

 

 

 

 

 

 

903
medaabreu
New Contributor
In response to rvijayaraj

Created on ‎08-09-2023 12:14 AM

@rvijayaraj wrote:

Hi , 

There are few configuration which needs to enabled when setting up a HA in a ipsec vpn configured firewalls as below : 

1. session-pickup under HA settings

config vpn ipsec phase1-interface 

edit (vpn-name) 

set ha-sync-esp-seqno enable 

end

 

 

2. ha-sync-esp-seqno under IPsec phase1-interface settings 

config system ha

set session-pickup enable 

end

 

The below docs will help you in understanding the requirement for enabling the commands : 

 

https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/111309/ipsec-vpn-in-an-ha-environment

https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-VPN-in-HA-Environment/ta-p/195849

 

Regards,

Roshan

Thanks for this - much appreciated!

,
,
860
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.