Fortinet white logo
Fortinet white logo

FortiGate-7000E Administration Guide

FortiGate 7000E FGSP

FortiGate 7000E FGSP

FortiGate 7000E supports the FortiGate Session Life Support Protocol (FGSP) (also called standalone session sync) to synchronize sessions among up to four FortiGate 7000Es. FortiGate 7000E also supports FGSP between FGCP clusters.

For details about FGSP, see: FGSP.

You have the following options for selecting interfaces to use for FGSP session synchronization:

  • Up to eight physical data interfaces.

  • One or more data interface LAGs.

  • VLANs added to the data interfaces or data interface LAGs.

  • The M1 or M2 interface of either FIM.

  • A LAG consisting of the M1 and M2 interfaces of one or both FIMs.

FortiGate 7000E FGSP support has the following limitations:

  • SLBC platforms do not support L2 session synchronization links. The session-sync-dev option is not supported.

  • FortiGate 7000E FGSP doesn't support setting up IPv6 session filters using the config session-sync-filter option.
  • Asymmetric IPv6 SCTP traffic sessions are not supported. These sessions are dropped.
  • Inter-cluster session synchronization, or FGSP between FGCP clusters, is not supported for the FortiGate 7000E.
  • FGSP IPsec tunnel synchronization is not supported.
  • Fragmented packet synchronization is not supported.

You can use configuration synchronization to synchronize the configurations of the FortiGate 7000Es in the FGSP deployment (see Standalone configuration synchronization). You can use the M1 and M2 interfaces for configuration synchronization. You can also configure the FortiGate 7000Es separately or use FortiManager to keep key parts of the configuration, such as security policies, synchronized.

FortiGate 7000E FGSP

FortiGate 7000E FGSP

FortiGate 7000E supports the FortiGate Session Life Support Protocol (FGSP) (also called standalone session sync) to synchronize sessions among up to four FortiGate 7000Es. FortiGate 7000E also supports FGSP between FGCP clusters.

For details about FGSP, see: FGSP.

You have the following options for selecting interfaces to use for FGSP session synchronization:

  • Up to eight physical data interfaces.

  • One or more data interface LAGs.

  • VLANs added to the data interfaces or data interface LAGs.

  • The M1 or M2 interface of either FIM.

  • A LAG consisting of the M1 and M2 interfaces of one or both FIMs.

FortiGate 7000E FGSP support has the following limitations:

  • SLBC platforms do not support L2 session synchronization links. The session-sync-dev option is not supported.

  • FortiGate 7000E FGSP doesn't support setting up IPv6 session filters using the config session-sync-filter option.
  • Asymmetric IPv6 SCTP traffic sessions are not supported. These sessions are dropped.
  • Inter-cluster session synchronization, or FGSP between FGCP clusters, is not supported for the FortiGate 7000E.
  • FGSP IPsec tunnel synchronization is not supported.
  • Fragmented packet synchronization is not supported.

You can use configuration synchronization to synchronize the configurations of the FortiGate 7000Es in the FGSP deployment (see Standalone configuration synchronization). You can use the M1 and M2 interfaces for configuration synchronization. You can also configure the FortiGate 7000Es separately or use FortiManager to keep key parts of the configuration, such as security policies, synchronized.