IPsec VPN load balancing

FortiGate 6000F IPsec load balancing is tunnel based. You can set the load balance strategy for each tunnel when configuring phase1-interface options:

config vpn ipsec phase1-interface

edit <name>

set ipsec-tunnel-slot {auto | FPC1 | FPC2 | FPC3 | FPC4 | FPC5 | FPC6 | FPC7 | FPC8 | FPC9 | FPC10 | master}

end

auto the default setting. All tunnels started by this phase 1 are load balanced to an FPC slot based on the src-ip and dst-ip hash result. All traffic for a given tunnel instance is processed by the same FPC.

FPC1 to FPC10 all tunnels started by this phase 1 terminate on the selected FPC. For the FortiGate-6300F and 6301F the options are FPC1 to FPC6.

master all tunnels started by this phase 1 terminate on the primary FPC.

Even if you select master or a specific FPC, new SAs created by this tunnel are synchronized to all FPCs.

IPsec VPN load balancing

FortiGate 6000F IPsec load balancing is tunnel based. You can set the load balance strategy for each tunnel when configuring phase1-interface options:

config vpn ipsec phase1-interface

edit <name>

set ipsec-tunnel-slot {auto | FPC1 | FPC2 | FPC3 | FPC4 | FPC5 | FPC6 | FPC7 | FPC8 | FPC9 | FPC10 | master}

end

FPC1 to FPC10 all tunnels started by this phase 1 terminate on the selected FPC. For the FortiGate-6300F and 6301F the options are FPC1 to FPC6.

master all tunnels started by this phase 1 terminate on the primary FPC.

Even if you select master or a specific FPC, new SAs created by this tunnel are synchronized to all FPCs.

FortiGate-6000 Handbook

IPsec VPN load balancing

IPsec VPN load balancing

IPsec VPN load balancing