Using data interfaces for FGSP session synchronization
FortiGate-7000F FGSP supports using up to eight physical data interfaces for FGSP session synchronization.
Use the following command to select up to eight physical data interfaces to use for FGSP session synchronization:
config system standalone-cluster
    set data-intf-session-sync-dev <interface-name> [<interface-name> ...]
end
You can use these individual interfaces or VLANs added to these interfaces for FGSP session synchronization. You can also create LAGs of two or more of these physical interfaces and use the LAGs for FGSP session synchronization. You can also add a VLAN to a LAG and use this VLAN for FGSP session synchronization.
Fortinet recommends:
- Use a data interface LAG for FGSP session synchronization. A LAG supports higher throughput than a single interface and also provides redundancy.
- To improve redundancy, the data interface LAG should include interfaces from both FIMs.
- Do not use FGSP session synchronization data interfaces for other traffic.
- Enable jumbo frames on the data interfaces, LAGs, and VLANs that you use for FGSP session synchronization.
- Keep the FGSP session synchronization data interfaces in a separate dedicated VDOM. Any VLANs you add to these interfaces or LAGs that you create for FGSP session synchronization should also be in the same dedicated VDOM. You must then specify this VDOM as the peervd in the config system cluster-sync configuration.

For example, you could create a VDOM called fgsp-sync and add the data interfaces, VLANs and LAGs that you are using for FGSP session synchronization to that VDOM. Then you can create the following config system cluster-sync instance to synchronize sessions from the root VDOM:

config system cluster-sync
    edit 1
        set peervd fgsp-sync
        set peerip <ip-address>
        set syncvd root
end
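
The recommendations above can be checked against a saved configuration. The following Python audit is an added example, not Fortinet code: it parses flat config/edit/set sections and reports a sync LAG that sits on a single FIM, lacks jumbo frames, or is in a different VDOM from peervd. Assumptions: the interface names 1-P1 and 2-P1, the LAG name sync-lag, the MTU 9000 and the peer IP are constructed sample values, the leading digit of an interface name is taken to be its FIM slot, and jumbo frames are detected through the interface mtu-override and mtu settings.

```python
import shlex
# Constructed sample: interface names, LAG name, MTU and peer IP are assumptions.
SAMPLE = """config system standalone-cluster
    set data-intf-session-sync-dev "1-P1" "2-P1"
end
config system interface
    edit "sync-lag"
        set vdom "fgsp-sync"
        set type aggregate
        set member "1-P1" "2-P1"
        set mtu-override enable
        set mtu 9000
end
config system cluster-sync
    edit 1
        set peervd "fgsp-sync"
        set peerip 192.0.2.2
        set syncvd "root"
end
"""

def parse(text):
    """Flat sections only: {section: {entry: {key: [values]}}}; entry is None outside edit."""
    cfg, section, entry = {}, None, None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), None
        elif tok[0] == "edit":
            entry = tok[1]
        elif tok[0] == "set":
            cfg.setdefault(section, {}).setdefault(entry, {})[tok[1]] = tok[2:]
    return cfg

def audit(cfg):
    """Return findings for the LAG, jumbo-frame and peervd recommendations."""
    sc = cfg.get("system standalone-cluster", {}).get(None, {})
    devs = set(sc.get("data-intf-session-sync-dev", []))
    lags = {n: i for n, i in cfg.get("system interface", {}).items()
            if i.get("type") == ["aggregate"] and i.get("member") and set(i["member"]) <= devs}
    findings = [] if lags else ["no LAG built from the session sync interfaces"]
    for name, lag in lags.items():
        if len({m.split("-")[0] for m in lag["member"]}) < 2:  # assumed: prefix = FIM slot
            findings.append(f"{name}: all members are on one FIM")
        if lag.get("mtu-override") != ["enable"] or int(lag.get("mtu", ["1500"])[0]) <= 1500:
            findings.append(f"{name}: jumbo frames not enabled")
    sync_vdoms = {lag.get("vdom", [""])[0] for lag in lags.values()}
    for entry, sync in cfg.get("system cluster-sync", {}).items():
        if sync.get("peervd", [""])[0] not in sync_vdoms:
            findings.append(f"cluster-sync {entry}: peervd is not the VDOM of the sync LAG")
    return findings
```

Calling audit(parse(SAMPLE)) returns an empty list for the sample. The parser does not handle config blocks nested inside an edit entry.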