FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jintrah_FTNT
Staff
Staff
Article Id 190568

Description

 

When the HA is used in the FortiGate with active-active mode, the traffic may not perform the load balance with the TCP traffic as expected.
Sometimes, it is not possible to configure the load balance with the HA in active-active mode properly.

Scope
FortiGate

Solution

 

This article assumes HA has been joined in active-active mode already.
To load balance TCP traffic besides proxy sessions, use the following CLI commands.

 

config system ha

set load-balance-all enable <- Disabled by default. (Enable to load balance TCP sessions. Disable to load balance proxy sessions only.)

end

 

After, it will be possible to check the traffic again.
Both HA units will load balance the TCP traffic afterwards.