Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiGate-7000E Handbook

FortiGate-7000E FGSP

FortiGate-7000E supports the FortiGate Session Life Support Protocol (FGSP) (also called standalone session sync) to synchronize sessions among up to four FortiGate-7000Es. FortiGate-7000E also supports FGSP between FGCP clusters.

For details about FGSP, see: FGSP.

You have the following options for selecting interfaces to use for FGSP session synchronization:

  • Up to eight physical data interfaces.

  • One or more data interface LAGs.

  • VLANs added to the data interfaces or data interface LAGs.

  • The M1 or M2 interface of either FIM.

  • A LAG consisting of the M1 and M2 interfaces of one or both FIMs.

You can use configuration synchronization to synchronize the configurations of the FortiGate-7000Es in the FGSP deployment (see Standalone configuration synchronization). You can use the M1 and M2 interfaces for configuration synchronization. You can also configure the FortiGate-7000Es separately or use FortiManager to keep key parts of the configuration, such as security policies, synchronized.

FortiGate-7000E FGSP support has the following limitations:

  • FortiGate-7000E FGSP doesn't support setting up IPv6 session filters using the config session-sync-filter option.
  • Asymmetric IPv6 SCTP traffic sessions are not supported. These sessions are dropped.
  • Inter-cluster session synchronization, or FGSP between FGCP clusters, is not supported for the FortiGate-7000E.
  • FGSP IPsec tunnel synchronization is not supported.
  • Fragmented packet synchronization is not supported.

FortiGate-7000E FGSP

FortiGate-7000E supports the FortiGate Session Life Support Protocol (FGSP) (also called standalone session sync) to synchronize sessions among up to four FortiGate-7000Es. FortiGate-7000E also supports FGSP between FGCP clusters.

For details about FGSP, see: FGSP.

You have the following options for selecting interfaces to use for FGSP session synchronization:

  • Up to eight physical data interfaces.

  • One or more data interface LAGs.

  • VLANs added to the data interfaces or data interface LAGs.

  • The M1 or M2 interface of either FIM.

  • A LAG consisting of the M1 and M2 interfaces of one or both FIMs.

You can use configuration synchronization to synchronize the configurations of the FortiGate-7000Es in the FGSP deployment (see Standalone configuration synchronization). You can use the M1 and M2 interfaces for configuration synchronization. You can also configure the FortiGate-7000Es separately or use FortiManager to keep key parts of the configuration, such as security policies, synchronized.

FortiGate-7000E FGSP support has the following limitations:

  • FortiGate-7000E FGSP doesn't support setting up IPv6 session filters using the config session-sync-filter option.
  • Asymmetric IPv6 SCTP traffic sessions are not supported. These sessions are dropped.
  • Inter-cluster session synchronization, or FGSP between FGCP clusters, is not supported for the FortiGate-7000E.
  • FGSP IPsec tunnel synchronization is not supported.
  • Fragmented packet synchronization is not supported.