Description: This article describes the changes made to configuring FGSP in FortiOS versions 7.2 and 7.4.
Scope: FortiOS 7.2 and 7.4 onwards.
Solution:
Up to and including FortiOS version 7.0.x, configuring FGSP on a FortiGate requires the following two settings:
config system standalone-cluster
From version 7.2.x, these two settings have been merged:
config system standalone-cluster
    config cluster-peer
    end
end
This change applies to FortiGate chassis products as well.
Below is an example of how to configure FGSP between two FortiGate 6000 chassis using an HA interface for session synchronization on version 7.4.1.
get system status
On Unit1:
config system standalone-cluster
    set standalone-group-id 1
    config cluster-peer
        edit 1
            set peervd "mgmt-vdom"
        next
    end
end
config system interface
    edit "ha1"
        set ip 192.168.10.11 255.255.255.0
    next
end
On Unit2:
config system standalone-cluster
    set standalone-group-id 1
    set group-member-id 2
    config cluster-peer
        edit 1
            set peervd "mgmt-vdom"
            set peerip 192.168.10.11
            set syncvd "root"
        next
    end
end
config system interface
    edit "ha1"
        set ip 192.168.10.12 255.255.255.0
    next
end
config system ha
    set session-pickup enable
end
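As an added example (not part of the original article and not Fortinet code), the following Python check parses both units' configuration text and reports FGSP mismatches before any traffic is tested. The sample configurations are constructed from the layout above; Unit1's group-member-id 1 and peerip 192.168.10.12, and the names TEMPLATE, FIELDS, parse_unit and check_pair, are assumptions.

```python
import re
# Constructed sample config; Unit1's member id and peerip are assumed values.
TEMPLATE = '''config system standalone-cluster
    set standalone-group-id {gid}
    set group-member-id {mid}
    config cluster-peer
        edit 1
            set peervd "mgmt-vdom"
            set peerip {peer}
            set syncvd "root"
        next
    end
end
config system interface
    edit "ha1"
        set ip {ip} 255.255.255.0
    next
end
config system ha
    set session-pickup enable
end'''
UNIT1 = TEMPLATE.format(gid=1, mid=1, peer="192.168.10.12", ip="192.168.10.11")
UNIT2 = TEMPLATE.format(gid=1, mid=2, peer="192.168.10.11", ip="192.168.10.12")
FIELDS = {  # hypothetical field names mapped to patterns over the CLI text
    "group_id": r"set standalone-group-id (\d+)",
    "member_id": r"set group-member-id (\d+)",
    "peerip": r"set peerip (\S+)",
    "ha1_ip": r'edit "ha1"\s+set ip (\S+)',
    "pickup": r"set session-pickup (\w+)",
}

def parse_unit(cli_text):
    """Pull the FGSP-relevant values out of one unit's configuration text."""
    hits = {k: re.search(p, cli_text) for k, p in FIELDS.items()}
    return {k: m.group(1) if m else None for k, m in hits.items()}

def check_pair(a, b):
    """List the mismatches between two parsed units that would break session sync."""
    problems = []
    if a["group_id"] is None or a["group_id"] != b["group_id"]:
        problems.append("standalone-group-id must be set and equal on both units")
    if None in (a["member_id"], b["member_id"]) or a["member_id"] == b["member_id"]:
        problems.append("group-member-id must be set and different on each unit")
    for name, me, other in (("unit1", a, b), ("unit2", b, a)):
        if me["peerip"] is None or me["peerip"] != other["ha1_ip"]:
            problems.append(f"{name}: peerip is not the other unit's ha1 address")
        if me["pickup"] != "enable":
            problems.append(f"{name}: session-pickup is not enabled")
    return problems
```

An empty list from check_pair(parse_unit(UNIT1), parse_unit(UNIT2)) means the two configurations agree on group, member IDs, peer addresses and session pickup.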
Configure necessary firewall policies on both units (skipped).
Generate some TCP traffic, and use the following command to verify the session synchronization status on both units:
diagnose sys session list | grep "SN\|total"
The output from the two units should be identical:
Copyright 2025 Fortinet, Inc. All Rights Reserved.