FortiGate-7000F session synchronization involves the primary FortiGate-7000F informing the secondary FortiGate-7000F of changes to the primary FortiGate-7000F connection and state tables, keeping the secondary FortiGate-7000F up-to-date with the traffic currently being processed by the cluster.
Session synchronization traffic uses the M1 and M2 interfaces. FortiGate-7000F does not support using the
session-sync-dev option to use data interfaces for session synchronization. The M1 and M2 interfaces provide enough bandwidth for both HA heartbeat and session synchronization traffic, so additional session synchronization devices are not required. As well, keeping session synchronization traffic on the M1 and M2 interfaces separates session synchronization traffic from data traffic.
After an HA failover, because of session synchronization the new primary FortiGate-7000F recognizes open sessions that were being handled by the cluster. The sessions continue to be processed by the new primary FortiGate-7000F and are handled according to their last known state.