HA synchronization
Hello,
I will install an HA of 1500D for a customer. I have two questions about that:
- Which bandwidth will be used for session synchronization (there are approximately 400 new sessions per second and 10'000 sessions established)? Is there a way to know the amount of traffic that will be used?
- Is it a good choice to use the MGMT1 and MGMT2 interfaces for HA heartbeat/session sync? Or is there a hardware/software limitation?
Thanks in advance
Lucas
I don't have any figures for the bandwidth required to maintain active sessions, but a helpful guide for the bandwidth requirements to synchronize session setup is:
roughly 500kbps for every 1,000 sessions set up per second
This is not an exact, officially published benchmark - only a rough guide from some internal testing. Session setup is far more important than active sessions.
As a best practice, you should consider using redundant HA links, as well as segmenting session-sync traffic from HA heartbeat messages. It's a high cost, but it pays off in spades: two interfaces for HA (use ones you don't really want, like 'HA' ports, or unused Fast Ethernet or Gigabit, where they are an order of magnitude smaller than other production ports on the device), plus one for session-sync traffic.
You can use non-accelerated ports or not as your preferences go - there's really no restriction on which port you use, so long as it's not already dedicated to another purpose. You could even theoretically use a production port shared with other traffic, though I wouldn't recommend this anywhere.
Regards, Chris McMullan Fortinet Ottawa
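The layout recommended in the answer above (two redundant heartbeat links plus a separate session-sync link), as an added FortiOS CLI sketch that is not part of the original thread or Fortinet's own configuration. The group name, password, active-passive mode, heartbeat priorities and the `port20` sync interface are assumptions; `mgmt1`/`mgmt2` are taken from the question.

```fortios
# Added example. Placeholders (assumptions): group name, password, mode, port20.
config system ha
    set group-name "HA-EXAMPLE"
    set mode a-p
    set password <ha-password>
    # Two redundant heartbeat links, equal priority (50 is an assumed value)
    set hbdev "mgmt1" 50 "mgmt2" 50
    # Replicate session state to the peer so sessions survive a failover
    set session-pickup enable
    # Carry session-sync traffic on its own link, off the heartbeat interfaces
    set session-sync-dev "port20"
end
```

The `#` lines are annotations for the reader and should be dropped before pasting into the CLI.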
Hello Chris,
Ok, thanks for your quick reply, that's perfect.
Lucas
