Fortinet black logo

Hyperscale Firewall Guide

Configuring FGCP HA hardware session synchronization

Copy Link
Copy Doc ID 412d132a-249e-11ed-9eba-fa163e15d75b:232377
Download PDF

Configuring FGCP HA hardware session synchronization

Use the following command to configure HA hardware session synchronization.

config system ha

set session-pickup enable

set hw-session-sync-dev <interface>

end

session-pickup must be enabled for FGCP HA hardware session synchronization.

hw-session-sync-dev select an interface to use to synchronize hardware sessions between the FortiGates in an FGCP cluster. Fortinet recommends using a data interface as the FGCP HA hardware session synchronization interface. The interface can only be used for FGCP HA hardware session synchronization. See Recommended interface use for an FGCP HA hyperscale firewall cluster.

For some FortiGates there is a limitation on the interfaces that can be used for hardware session synchronization. For example, for the FortiGate-1800F and 1801F you can only use the port25 to port40 interfaces as hardware session synchronization interfaces.

Hardware session synchronization can use a lot of bandwidth so you should use a dedicated data interface. Both FortiGates in the HA cluster must use the same data interface for FGCP HA hardware session synchronization and these interfaces must be directly connected.

Configuring FGCP HA hardware session synchronization

Use the following command to configure HA hardware session synchronization.

config system ha

set session-pickup enable

set hw-session-sync-dev <interface>

end

session-pickup must be enabled for FGCP HA hardware session synchronization.

hw-session-sync-dev select an interface to use to synchronize hardware sessions between the FortiGates in an FGCP cluster. Fortinet recommends using a data interface as the FGCP HA hardware session synchronization interface. The interface can only be used for FGCP HA hardware session synchronization. See Recommended interface use for an FGCP HA hyperscale firewall cluster.

For some FortiGates there is a limitation on the interfaces that can be used for hardware session synchronization. For example, for the FortiGate-1800F and 1801F you can only use the port25 to port40 interfaces as hardware session synchronization interfaces.

Hardware session synchronization can use a lot of bandwidth so you should use a dedicated data interface. Both FortiGates in the HA cluster must use the same data interface for FGCP HA hardware session synchronization and these interfaces must be directly connected.