TCP and UDP local ingress session setup and round robin load balancing
By default, TCP and UDP local ingress is set to disable, and sessions are added to the load balancer memory only after they are accepted by worker firewall policies. This setting improves performance because the load balancer records and manages fewer sessions, which leaves more memory available to handle accepted sessions.
Enabling local ingress session setup makes a cluster more vulnerable to DDoS attacks because the cluster is processing more sessions and because FortiGate DDoS protection cannot block DDoS attacks before they are recorded by the load balancer.
However, disabling local ingress session setup means that round-robin load distribution is not supported.
So in general, unless you need to use round-robin load distribution, you should leave TCP and UDP local ingress set to disable.