FortiGate-7000E Handbook

FortiGate-7000 FGSP

FortiGate-7000 supports the FortiGate Session Life Support Protocol (FGSP) (also called standalone session sync) to synchronize sessions among up to four FortiGate-7000s.

For details about FGSP, see: FGSP (session synchronization) peer setup.

FortiGate-7000 FGSP support has the following limitations:

  • FortiGate-7000 FGSP can use the M1 or M2 interface for session synchronization. FortiGate-7000 FGSP does not support using a LAG consisting of the M1 and M2 interfaces for session synchronization.
  • To use the M1 or the M2 interface for session synchronization, you must give the interface an IP address and optionally set up routing for the interface as required. Ideally, the session synchronization interfaces of all FortiGate-7000s are on the same network, and that network is used only for session synchronization traffic. However, you can configure routing to send session synchronization traffic between networks. NAT between session synchronization interfaces is not supported.
  • You can't use data interfaces for FGSP session synchronization.
  • You can use configuration synchronization to synchronize the configurations of the FortiGate-7000s in the FGSP deployment (see Standalone configuration synchronization). You can use the M1 and M2 interfaces for configuration synchronization. You can also configure the FortiGate-7000s separately or use FortiManager to keep key parts of the configuration, such as security policies, synchronized.
  • FortiGate-7000 FGSP doesn't support setting up IPv6 session filters using the config session-sync-filter option.
  • Asymmetric IPv6 SCTP traffic sessions are not supported. These sessions are dropped.
  • Inter-cluster session synchronization, or FGSP between FGCP clusters, is not supported for the FortiGate-7000.
  • FGSP IPsec tunnel synchronization is not supported.
  • Fragmented packet synchronization is not supported.
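
A pre-deployment check of a planned FGSP design against the unit-count, interface and addressing limitations above, as an added example that is not Fortinet code. The plan format, the unit names and addresses, and the assumption that management interface names end in M1 or M2 (such as `1-M1`) are constructed for illustration.

```python
import ipaddress

MAX_UNITS = 4  # the page: sessions synchronize among up to four FortiGate-7000s

def check_fgsp_plan(units):
    """units maps a unit name to {"iface", "addr" (ip/prefix), "peers" [ip, ...]}.
    Returns (errors, warnings) as two lists of strings."""
    errors, warnings = [], []
    if len(units) > MAX_UNITS:
        errors.append(f"{len(units)} units planned, FGSP supports up to {MAX_UNITS}")
    addrs = {name: ipaddress.ip_interface(u["addr"]) for name, u in units.items()}
    for name, u in units.items():
        # Session sync must use M1 or M2 itself: no LAG and no data interface.
        # Assumption: interface names end in M1/M2 (for example "1-M1").
        if u["iface"].split("-")[-1].upper() not in ("M1", "M2"):
            errors.append(f"{name}: {u['iface']} is not an M1 or M2 interface")
        # NAT between sync interfaces is unsupported, so every configured peer
        # address must be the real sync address of another unit.
        real = {a.ip for other, a in addrs.items() if other != name}
        for peer in u["peers"]:
            if ipaddress.ip_address(peer) not in real:
                errors.append(f"{name}: peer {peer} is not another unit's sync address")
    # Ideal layout: one shared network. More than one means routing is needed.
    networks = sorted({str(a.network) for a in addrs.values()})
    if len(networks) > 1:
        warnings.append("sync interfaces span " + ", ".join(networks)
                        + ": routing required, NAT not allowed on the path")
    return errors, warnings

# Constructed sample plan (hypothetical unit names and addresses).
PLAN = {
    "fgt7k-a": {"iface": "1-M1", "addr": "10.10.10.1/24",
                "peers": ["10.10.10.2", "10.10.20.3"]},
    "fgt7k-b": {"iface": "1-M1", "addr": "10.10.10.2/24",
                "peers": ["10.10.10.1", "10.10.20.3"]},
    "fgt7k-c": {"iface": "sync-lag", "addr": "10.10.20.3/24",
                "peers": ["10.10.10.1", "203.0.113.7"]},
}

if __name__ == "__main__":
    errs, warns = check_fgsp_plan(PLAN)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
```
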
