FortiGate-6000 FGSP
FortiGate-6000 supports the FortiGate Session Life Support Protocol (FGSP) (also called standalone session sync) to synchronize sessions among up to four FortiGate-6000s. FortiGate-6000 also supports FGSP between FGCP clusters.
For details about FGSP, see: FGSP.
You can have the following options for selecting interfaces to use for FGSP session synchronization:
-
Up to eight physical data interfaces.
-
One or more data interface LAGs.
-
VLANs added to the data interfaces or data interface LAGs.
-
The HA1 and HA2 interfaces.
FortiGate-6000 FGSP support has the following limitations:
-
SLBC platforms do not support L2 session synchronization links. The
session-sync-devoption is not supported. - FortiGate-6000 FGSP doesn't support setting up IPv6 session filters using the
config session-sync-filteroption. - Asymmetric IPv6 SCTP traffic sessions are not supported. These sessions are dropped.
- Inter-cluster session synchronization, or FGSP between FGCP clusters, is supported, see Synchronizing sessions between FGCP clusters.
- FGSP IPsec tunnel synchronization is not supported.
- Fragmented packet synchronization is not supported.
You can use configuration synchronization to synchronize the configurations of the FortiGate-6000s in the FGSP deployment (see Standalone configuration synchronization). You can use the HA1 and HA2 interfaces for configuration synchronization. You can also configure the FortiGate-6000s separately or use FortiManager to keep key parts of the configuration, such as security policies, synchronized.