Synchronizing sessions between FGCP clusters
FortiGate-6000 supports using FGSP to synchronize sessions among up to four FortiGate-6000 FGCP clusters. All of the FortiGate-6000s must be the same hardware model.
FGSP between FGCP clusters synchronizes sessions between the primary FortiGate-6000s in each cluster. FGCP HA then handles session synchronization between FortiGate-6000s in each FGCP cluster.
For details about FGSP between FGCP clusters, see: Synchronizing sessions between FGCP clusters.
You can use the mgmt3 interface for FGSP session synchronization. The HA1 and HA2 interfaces are used for FGCP HA heartbeat between the FortiGate-6000s in each FGCP cluster.
FortiGate-6000 synchronizing sessions between FGCP clusters has the following limitations:
- Synchronizing sessions between FGCP clusters is available only for the FortiGate-6000 (and not the FortiGate-7000).
- The FGCP clusters cannot be configured for virtual clustering.
- NAT between mgmt3 interfaces is not supported.
- Standalone configuration synchronization between the FCGP clusters is not supported.
- Inter-cluster session synchronization doesn't support setting up IPv6 session filters using the
config session-sync-filter
option. - When ICMP load balancing is set to
to-master
, ICMP packets are not installed on the DP processor. In an inter-cluster session synchronization configuration with an asymmetry topology, synchronized ICMP packets will be dropped if the clusters have selected a different primary FPC. To avoid this possible traffic loss, setdp-load-distribution-method
tosrc-ip
,dst-ip
, orsrc-dst-ip
. - Asymmetric IPv6 SCTP traffic sessions are not supported. These sessions are dropped.
-
FGSP IPsec tunnel synchronization is not supported.
- Session synchronization packets cannot be fragmented. So the MTU for the mgmt3 interface should be supported by the network.
- Jumbo frames on the mgmt3 interface are not supported.
- To reduce the number of failovers and the amount of session synchronization traffic, configuring HA override on the FGCP clusters is not recommended.