
FortiGate-7000F Handbook

Using data interfaces for FGSP session synchronization


FortiGate-7000F FGSP supports using up to eight physical data interfaces for FGSP session synchronization.

Use the following command to select up to eight physical data interfaces to use for FGSP session synchronization:

config system standalone-cluster
    set data-intf-session-sync-dev <interface-name> [<interface-name> ...]
end

You can use these individual interfaces or VLANs added to these interfaces for FGSP session synchronization. You can also create LAGs of two or more of these physical interfaces and use the LAGs for FGSP session synchronization. You can also add a VLAN to a LAG and use this VLAN for FGSP session synchronization.

Fortinet recommends:

  • Use a data interface LAG for FGSP session synchronization. A LAG supports higher throughput than a single interface and also provides redundancy.

  • To improve redundancy, the data interface LAG should include interfaces from both FIMs.

  • Do not use FGSP session synchronization data interfaces for other traffic.

  • Enable jumbo frames on the data interfaces, LAGs, and VLANs that you use for FGSP session synchronization.

  • Keep the FGSP session synchronization data interfaces in a separate dedicated VDOM. Any VLANs you add to these interfaces or LAGs that you create for FGSP session synchronization should also be in the same dedicated VDOM. You must then specify this VDOM as the peervd in the config system cluster-sync configuration.

    For example, you could create a VDOM called fgsp-sync and add the data interfaces, VLANs and LAGs that you are using for FGSP session synchronization to that VDOM. Then you can create the following config system cluster-sync instance to synchronize sessions from the root VDOM:

    config system cluster-sync
        edit 1
            set peervd fgsp-sync
            set peerip <ip-address>
            set syncvd root
    end
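The following audit script is an added example, not Fortinet's code or part of the handbook. It checks a saved configuration against the eight-interface limit, the both-FIMs recommendation, and the dedicated peervd recommendation. It assumes flat config sections like the snippets above and interface names of the form `<FIM slot>-<port>`; the sample config, interface names, and addresses are constructed.

```python
import shlex
# Constructed sample (not from the page). Interface names assume a
# "<FIM slot>-<port>" convention, so 1-P1 and 2-P1 sit on different FIMs.
SAMPLE = """\
config system standalone-cluster
    set data-intf-session-sync-dev 1-P1 2-P1
end
config system cluster-sync
    edit 1
        set peervd fgsp-sync
        set peerip 192.0.2.2
        set syncvd root
    next
    edit 2
        set peervd root
        set peerip 192.0.2.3
        set syncvd root
    next
end
"""

def parse(text):
    """Return {section: {entry id or None: {option: [values]}}} for flat sections."""
    cfg, section, entry = {}, None, None
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), None
        elif tok[0] == "edit":
            entry = tok[1]
        elif tok[0] in ("next", "end"):
            entry = None
            section = None if tok[0] == "end" else section
        elif tok[0] == "set" and section:
            cfg.setdefault(section, {}).setdefault(entry, {})[tok[1]] = tok[2:]
    return cfg

def audit(text):
    """Check a config against the limit and recommendations described above."""
    cfg, findings = parse(text), []
    flat = cfg.get("system standalone-cluster", {}).get(None, {})
    devs = flat.get("data-intf-session-sync-dev", [])
    if len(devs) > 8:
        findings.append(f"{len(devs)} sync interfaces selected; the limit is eight")
    if len({d.split("-")[0] for d in devs}) < 2:
        findings.append("sync interfaces do not span both FIMs")
    for eid, opts in cfg.get("system cluster-sync", {}).items():
        if opts.get("peervd") == opts.get("syncvd"):
            findings.append(f"cluster-sync {eid}: peervd is the synchronized VDOM, not a dedicated one")
    return findings
```

Running `audit(SAMPLE)` flags only entry 2, whose peervd is the same VDOM it synchronizes.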
