Administration Guide

Synchronizing sessions between FGCP clusters

Synchronizing sessions between FGCP clusters is useful when data centers in different locations are used for load-balancing, and traffic must be shared and flow freely based on demand.

There are some limitations when synchronizing sessions between FGCP clusters:

  • All FortiGates must have the same model and generation, hardware configuration, and FortiOS version.
  • Currently, a total of four clusters can share sessions.

To configure session synchronization between two clusters:
  1. Configure the two clusters (see HA active-passive cluster setup or HA active-active cluster setup).
  2. On cluster A, configure the peer IP for the interface:
    config system interface
        edit "port5"
            set vdom "root"
            set ip 10.10.10.1 255.255.255.0
            set allowaccess ping https ssh snmp http telnet
        next
    end

    In this example, cluster A uses port5 and its IP address, 10.10.10.1, is reachable from another cluster.

  3. On cluster A, configure cluster and session synchronization:
    config system cluster-sync
        edit 1
            set peerip 10.10.10.2
        next
    end
  4. On cluster A, configure additional FGSP attributes as needed:
    config system standalone-cluster
        set standalone-group-id 1
        set group-member-id 0
        set session-sync-dev <interface>
    end

    The standalone-group-id must be the same on all FGSP members, and the group-member-id must be unique for each FGCP cluster. session-sync-dev is optional and specifies the interfaces used to synchronize sessions.

  5. On cluster B, configure the peer IP for the interface:
    config system interface
        edit "port5"
            set vdom "root"
            set ip 10.10.10.2 255.255.255.0
            set allowaccess ping https ssh snmp http telnet
        next
    end

    In this example, cluster B uses port5 and its IP address, 10.10.10.2, is reachable from another cluster.

  6. On cluster B, configure cluster and session synchronization:
    config system cluster-sync
        edit 1
            set peerip 10.10.10.1
        next
    end
  7. On cluster B, configure additional FGSP attributes as needed:
    config system standalone-cluster
        set standalone-group-id 1
        set group-member-id 1
        set session-sync-dev <interface>
    end
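
A pre-deployment check for the seven steps above, as an added example (not Fortinet's code): it parses the three stanzas from each cluster and reports a peerip that no interface on the other cluster owns, a standalone-group-id mismatch, a duplicated group-member-id, and http or telnet in allowaccess on the interface that holds the peer IP. The function names and the sample configuration are constructed for illustration, and treating only http and telnet as cleartext is an assumption of this example.

```python
def sample(ip, peer, member, access):  # constructed config, shaped like the steps above
    return f'''config system interface
    edit "port5"
        set ip {ip} 255.255.255.0
        set allowaccess {access}
    next
end
config system cluster-sync
    edit 1
        set peerip {peer}
    next
end
config system standalone-cluster
    set standalone-group-id 1
    set group-member-id {member}
end'''

def parse(cfg):
    """Map (section, entry) -> {key: [values]} for every 'set' line."""
    out, section, entry = {}, "", ""
    for tok in (line.split() for line in cfg.splitlines()):
        if tok[:1] == ["config"]:
            section, entry = " ".join(tok[1:]), ""
        elif tok[:1] == ["edit"]:
            entry = tok[1].strip('"')
        elif tok[:1] == ["set"]:
            out.setdefault((section, entry), {})[tok[1]] = tok[2:]
    return out

CLEARTEXT = {"http", "telnet"}  # assumption: only these two are flagged as cleartext
def audit(cfg_a, cfg_b):
    """Return a list of findings for a two-cluster pairing (empty list = clean)."""
    a, b, findings = parse(cfg_a), parse(cfg_b), []
    for name, me, peer in (("A", a, b), ("B", b, a)):
        for ip in [v["peerip"][0] for (s, _), v in peer.items()
                   if s == "system cluster-sync" and "peerip" in v]:
            hits = [(e, i) for (s, e), i in me.items()
                    if s == "system interface" and i.get("ip", [""])[0] == ip]
            if not hits:
                findings.append(f"{name}: no interface owns {ip}, which the peer uses as peerip")
            for e, i in hits:
                if weak := sorted(CLEARTEXT & set(i.get("allowaccess", []))):
                    findings.append(f"{name}/{e}: cleartext access on peer-IP interface: {' '.join(weak)}")
    sa, sb = (c.get(("system standalone-cluster", ""), {}) for c in (a, b))
    for key, must_match in (("standalone-group-id", True), ("group-member-id", False)):
        if (sa.get(key) == sb.get(key)) != must_match:
            findings.append(f"{key} must {'match' if must_match else 'differ'} between clusters")
    return findings
```

Run against the allowaccess line used in steps 2 and 5, `audit` returns one cleartext finding per cluster for port5; with `ping https ssh` it returns an empty list.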
