FGCP GTP tunnel synchronization
FortiGate Clustering Protocol (FGCP) HA provides failover protection for GTP tunnels. This means that an active-passive cluster of two FortiGates licensed for FortiOS Carrier can provide FortiOS Carrier firewall services even when one of the FortiGates in the cluster encounters a problem that would result in complete loss of connectivity for a standalone FortiGate. This failover protection provides a backup mechanism that can be used to reduce the risk of unexpected downtime, especially for mission-critical environments.
Fortinet recommends FGCP GTP tunnel synchronization for an active-passive FGCP cluster of two FortiGates.
FGCP HA can be configured to synchronize TCP and UDP sessions. However synchronizing a session is only part of the solution if the goal is to continue GTP processing on a synchronized session after an HA failover. For that to be successful, FortiOS Carrier also synchronizes the GTP tunnel state. So, once the primary FortiGate in the FGCP cluster completes tunnel setup, the GTP tunnel is synchronized to the secondary or backup FortiGate in the cluster. GTP tunnel synchronization includes synchronizing all GTP tunnel information including session timers.
GTP traffic will only flow without interruption after an HA failover if bidirectional GTP policies have been configured: an internal (GTP server) to external (all) UDP port GTP policy, and an external (all) to internal (GTP server) UDP port GTP policy. If either policy is missing then traffic may be interrupted until traffic flows in the opposite direction.
For more information about HA in FortiOS, see High Availability.