Fortinet black logo

Handbook

Between FGCP clusters

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:500085
Download PDF

Between FGCP clusters

Session synchronization between FGCP clusters (also called inter-cluster session synchronization) allows you to synchronize sessions among FGCP clusters and standalone FortiGates. The FGSP can synchronize sessions among up to four FGCP clusters and FortiGates.

Example session synchronization between a FortiGate and an FGCP cluster

Enter the following command to enable inter-cluster synchronization on an FGCP cluster:

config system ha

set inter-cluster-session-sync enable

end

Once you enable inter-cluster session synchronization, all FGSP configuration options are available in the FGCP cluster CLI and you can set up the FGSP configuration in the same way as for standalone FortiGates.

Inter-cluster session synchronization is compatible with all FGCP operating modes, such as active-active, active-passive, virtual clustering, full mesh HA.

What is synchronized?

Inter-cluster session synchronization synchronizes all supported FGSP session types, including TCP sessions, IPsec tunnels, IKE routes, connectionless sessions (UDP and ICMP), NAT sessions, asymmetric sessions, and expectation sessions. Inter-cluster session synchronization doesn't support configuration synchronization.

Inter-cluster synchronization between data centers

Inter-cluster session synchronization is deployed for session-synchronization among multiple data centers if one or more of the data centers is protected by an FGCP cluster.

Example inter-cluster session synchronization between two data centers

In this example, you enable inter-cluster session synchronization for both of the clusters, and then configure session synchronization options on each cluster, as required.

Between FGCP clusters

Session synchronization between FGCP clusters (also called inter-cluster session synchronization) allows you to synchronize sessions among FGCP clusters and standalone FortiGates. The FGSP can synchronize sessions among up to four FGCP clusters and FortiGates.

Example session synchronization between a FortiGate and an FGCP cluster

Enter the following command to enable inter-cluster synchronization on an FGCP cluster:

config system ha

set inter-cluster-session-sync enable

end

Once you enable inter-cluster session synchronization, all FGSP configuration options are available in the FGCP cluster CLI and you can set up the FGSP configuration in the same way as for standalone FortiGates.

Inter-cluster session synchronization is compatible with all FGCP operating modes, such as active-active, active-passive, virtual clustering, full mesh HA.

What is synchronized?

Inter-cluster session synchronization synchronizes all supported FGSP session types, including TCP sessions, IPsec tunnels, IKE routes, connectionless sessions (UDP and ICMP), NAT sessions, asymmetric sessions, and expectation sessions. Inter-cluster session synchronization doesn't support configuration synchronization.

Inter-cluster synchronization between data centers

Inter-cluster session synchronization is deployed for session-synchronization among multiple data centers if one or more of the data centers is protected by an FGCP cluster.

Example inter-cluster session synchronization between two data centers

In this example, you enable inter-cluster session synchronization for both of the clusters, and then configure session synchronization options on each cluster, as required.