CLI Reference

config system standalone-cluster

Configure FortiGate Session Life Support Protocol (FGSP) cluster attributes.

config system standalone-cluster
    Description: Configure FortiGate Session Life Support Protocol (FGSP) cluster attributes.
    set asymmetric-traffic-control [cps-preferred|strict-anti-replay]
    config cluster-peer
        Description: Configure FortiGate Session Life Support Protocol (FGSP) session synchronization.
        edit <sync-id>
            set down-intfs-before-sess-sync <name1>, <name2>, ...
            set hb-interval {integer}
            set hb-lost-threshold {integer}
            set ipsec-tunnel-sync [enable|disable]
            set peerip {ipv4-address}
            set peervd {string}
            set secondary-add-ipsec-routes [enable|disable]
            config session-sync-filter
                Description: Add one or more filters if you only want to synchronize some sessions. Use the filter to configure the types of sessions to synchronize.
                config custom-service
                    Description: Only sessions using these custom services are synchronized. Use source and destination port ranges to define these custom services.
                    edit <id>
                        set dst-port-range {user}
                        set src-port-range {user}
                    next
                end
                set dstaddr {ipv4-classnet-any}
                set dstaddr6 {ipv6-network}
                set dstintf {string}
                set srcaddr {ipv4-classnet-any}
                set srcaddr6 {ipv6-network}
                set srcintf {string}
            end
            set syncvd <name1>, <name2>, ...
        next
    end
    set encryption [enable|disable]
    set group-member-id {integer}
    set layer2-connection [available|unavailable]
    set psksecret {password-3}
    set session-sync-dev {user}
    set standalone-group-id {integer}
end

config system standalone-cluster

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| asymmetric-traffic-control | Asymmetric traffic control mode. Options: cps-preferred: Connection per second (CPS) preferred; strict-anti-replay: Strict anti-replay check. | option | - | cps-preferred |
| encryption | Enable/disable encryption when synchronizing sessions. Options: enable: Enable encryption when synchronizing sessions; disable: Disable encryption when synchronizing sessions. | option | - | disable |
| group-member-id | Cluster member ID. | integer | Minimum value: 0 Maximum value: 15 | 0 |
| layer2-connection | Indicate whether layer 2 connections are present among FGSP members. Options: available: Layer 2 connections exist among FGSP members; unavailable: No layer 2 connections exist among FGSP members. | option | - | unavailable |
| psksecret | Pre-shared secret for session synchronization (ASCII string or hexadecimal encoded with a leading 0x). | password-3 | Not Specified | |
| session-sync-dev | Offload session-sync process to kernel and sync sessions using connected interface(s) directly. | user | Not Specified | |
| standalone-group-id | Cluster group ID. Must be the same for all members. | integer | Minimum value: 0 Maximum value: 255 | 0 |

config cluster-peer

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| down-intfs-before-sess-sync <name> | List of interfaces to be turned down before session synchronization is complete. Interface name. | string | Maximum length: 79 | |
| hb-interval | Heartbeat interval. Increase to reduce false positives. | integer | Minimum value: 1 Maximum value: 20 | 2 |
| hb-lost-threshold | Lost heartbeat threshold. Increase to reduce false positives. | integer | Minimum value: 1 Maximum value: 60 | 10 |
| ipsec-tunnel-sync | Enable/disable IPsec tunnel synchronization. Options: enable: Enable IPsec tunnel synchronization; disable: Disable IPsec tunnel synchronization. | option | - | enable |
| peerip | IP address of the interface on the peer unit that is used for the session synchronization link. | ipv4-address | Not Specified | 0.0.0.0 |
| peervd | VDOM that contains the session synchronization link interface on the peer unit. Usually both peers would have the same peervd. | string | Maximum length: 31 | root |
| secondary-add-ipsec-routes | Enable/disable IKE route announcement on the backup unit. Options: enable: Add IKE routes to the backup unit; disable: Do not add IKE routes to the backup unit. | option | - | enable |
| sync-id | Sync ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| syncvd <name> | Sessions from these VDOMs are synchronized using this session synchronization configuration. VDOM name. | string | Maximum length: 79 | |

config session-sync-filter

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| dstaddr | Only sessions to this IPv4 address are synchronized. | ipv4-classnet-any | Not Specified | 0.0.0.0 0.0.0.0 |
| dstaddr6 | Only sessions to this IPv6 address are synchronized. | ipv6-network | Not Specified | ::/0 |
| dstintf | Only sessions to this interface are synchronized. | string | Maximum length: 15 | |
| srcaddr | Only sessions from this IPv4 address are synchronized. | ipv4-classnet-any | Not Specified | 0.0.0.0 0.0.0.0 |
| srcaddr6 | Only sessions from this IPv6 address are synchronized. | ipv6-network | Not Specified | ::/0 |
| srcintf | Only sessions from this interface are synchronized. | string | Maximum length: 15 | |

config custom-service

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| dst-port-range | Custom service destination port range. | user | Not Specified | 0-0 |
| id | Custom service ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| src-port-range | Custom service source port range. | user | Not Specified | 0-0 |
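
Added example (not part of the Fortinet reference): a Python check that parses a standalone-cluster stanza and reports settings left at the documented defaults or outside the documented ranges, for use on a candidate configuration before it is applied. The sample stanza is constructed, and treating `encryption disable`, an unset `psksecret` and a `peerip` of 0.0.0.0 as findings is this example's own policy, not a Fortinet recommendation.

```python
import shlex

# Constructed sample stanza (made-up values), e.g. rendered from a template.
SAMPLE = """\
config system standalone-cluster
    set standalone-group-id 7
    config cluster-peer
        edit 1
            set peerip 10.255.0.2
            set hb-lost-threshold 90
        next
        edit 2
            set peervd "sync"
        next
    end
end
"""
# key: (min, max, default), copied from the parameter tables on this page.
TOP = {"group-member-id": (0, 15, "0"), "standalone-group-id": (0, 255, "0")}
PEER = {"hb-interval": (1, 20, "2"), "hb-lost-threshold": (1, 60, "10")}

def parse(text):  # config/edit/set/next/end lines -> nested dicts
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok and tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
        elif len(tok) >= 3 and tok[0] == "set":
            stack[-1][tok[1]] = " ".join(tok[2:])
    return stack[0]

def audit(text):  # -> [(setting, problem), ...]; the findings policy is this example's assumption
    sc = parse(text).get("system standalone-cluster", {})
    out, blocks = [], [("", sc, TOP)]
    for key, weak in (("encryption", "disable"), ("psksecret", None)):
        if sc.get(key, weak) == weak:  # unset means the documented default applies
            out.append((key, str(weak or "not specified")))
    for sync_id, peer in sc.get("cluster-peer", {}).items():
        blocks.append((f"cluster-peer {sync_id}: ", peer, PEER))
        if peer.get("peerip", "0.0.0.0") == "0.0.0.0":
            out.append((f"cluster-peer {sync_id}: peerip", "default 0.0.0.0"))
    for where, block, ranges in blocks:
        for key, (lo, hi, default) in ranges.items():
            val = block.get(key, default)
            if not (val.isdigit() and lo <= int(val) <= hi):
                out.append((where + key, f"{val} outside {lo}-{hi}"))
    return out
```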
