FortiGate-7000 session synchronization involves the primary FortiGate-7000 informing the secondary FortiGate-7000 of changes to the primary FortiGate-7000 connection and state tables, keeping the secondary FortiGate-7000 up-to-date with the traffic currently being processed by the cluster.
Session synchronization traffic uses the M1 and M2 interfaces. FortiGate-7000 does not support using the
session-sync-dev option to use data interfaces for session synchronization. The M1 and M2 interfaces provide enough bandwidth for both HA heartbeat and session synchronization traffic, so additional session synchronization devices are not required. As well, keeping session synchronization traffic on the M1 and M2 interfaces separates session synchronization traffic from data traffic.
After an HA failover, because of session synchronization the new primary FortiGate-7000 recognizes open sessions that were being handled by the cluster. The sessions continue to be processed by the new primary FortiGate-7000 and are handled according to their last known state.