Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FB
New Contributor

Created on ‎09-17-2020 11:37 AM

Fortigate 500E appears to be not load balancing throughput properly

Fortigate 500E appears to be not load balancing throughput properly V6.2.3

 

I have a 2-Nod cluster running since the launch of the 500E hardware

Over time, sometimes, we have some sync problems

In the last months we were struggling with a problem related to a non-synch cluster and, at the end, it was an old and expired certificate. After the removal of the vpn.certificate.ca, the problem was partially solved

 

But..

 

After a while we noticed that our A-A cluster is load balancing the session, now, 18K sessions per node, but most of the time, Master is processing 50-100 Mbps throughput, but Slave node is processing  between 25-900Kbps

 

Most of the users are in home, so we´re using VPNSSL and sometimes pptpD, but it shuould laod balance trhoughput even that way, am I right?

 

 

get system performance status | grep network Average network usage: 65936 / 68076 kbps in 1 minute, 71031 / 72909 kbps in 10 minutes, 67995 / 69644 kbps in 30 minutes

get system performance status | grep network Average network usage: 2383 / 443 kbps in 1 minute, 2533 / 460 kbps in 10 minutes, 2227 / 436 kbps in 30 minutes

 

users also complanin about some disconenctyins, TS/RDP session being disconencted with no reason, http session dying and mannually being refreshd to get back, weird behaviour

 

CPUs are under 5% and Memory below 30% on both nodes (less usage on Slave)

config system ha set mode a-a set sync-packet-balance disable unset session-sync-dev set route-ttl 10 set route-wait 0 set route-hold 10 set multicast-ttl 600 set sync-config enable set encryption disable set authentication disable set hb-interval 2 set hb-lost-threshold 6 set hello-holddown 20 set gratuitous-arps enable set arps 5 set arps-interval 8 set session-pickup enable set session-pickup-connectionless enable set session-pickup-expectation disable set session-pickup-delay disable set link-failed-signal disable set uninterruptible-upgrade enable set ha-mgmt-status disable set ha-eth-type "8890" set hc-eth-type "8891" set l2ep-eth-type "8893" set ha-uptime-diff-margin 300 set vcluster2 disable set override disable set priority 130 set schedule weight-round-robin unset monitor unset pingserver-monitor-interface unset vdom set ssd-failover disable set memory-compatible-mode disable set inter-cluster-session-sync disable set load-balance-all enable end

---

---
1570
0 Kudos
0 REPLIES 0
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.