Fortinet black logo

Hyperscale Firewall Guide

Configuring HA hardware session synchronization

Configuring HA hardware session synchronization

Use the following command to configure HA hardware session synchronization.

config system ha

set session-pickup enable

set hw-session-sync-dev <interface>

end

session-pickup must be enabled for HA hardware session synchronization.

hw-session-sync-dev select an interface to use to synchronize NP7 sessions. If possible use an interface directly connected to the NP7 processors, see Optimizing HA hardware session synchronization performance. However you can also use data interfaces for hardware session synch interfaces.

For some FortiGates there is a limitation on the interfaces that can be used for hardware session synchronization. For example, for the FortiGate-1800F and 1801F you can only use the port25 to port40 interfaces as hardware session synchronization interfaces.

Hardware session synchronization can use a lot of bandwidth so you should use a dedicated interface. Both FortiGates in the HA cluster must use the same interface for HA hardware session synchronization and these interfaces must be directly connected.

Configuring HA hardware session synchronization

Use the following command to configure HA hardware session synchronization.

config system ha

set session-pickup enable

set hw-session-sync-dev <interface>

end

session-pickup must be enabled for HA hardware session synchronization.

hw-session-sync-dev select an interface to use to synchronize NP7 sessions. If possible use an interface directly connected to the NP7 processors, see Optimizing HA hardware session synchronization performance. However you can also use data interfaces for hardware session synch interfaces.

For some FortiGates there is a limitation on the interfaces that can be used for hardware session synchronization. For example, for the FortiGate-1800F and 1801F you can only use the port25 to port40 interfaces as hardware session synchronization interfaces.

Hardware session synchronization can use a lot of bandwidth so you should use a dedicated interface. Both FortiGates in the HA cluster must use the same interface for HA hardware session synchronization and these interfaces must be directly connected.