Configuring FGCP HA hardware session synchronization
Use the following command to configure FGCP HA hardware session synchronization.
config system ha
set session-pickup enable
set hw-session-sync-dev <interface>
end
session-pickup
must be enabled for FGCP HA hardware session synchronization.
hw-session-sync-dev
select an interface to use to synchronize hardware sessions between the FortiGates in an FGCP cluster. Fortinet recommends using a data interface or a data interface LAG as the FGCP HA hardware session synchronization interface. The interface or LAG can only be used for FGCP HA hardware session synchronization. See Recommended interface use for an FGCP HA hyperscale firewall cluster.
Use the following configuration to create a data interface LAG. The members of the LAG can be any data interfaces that can be added to LAGs as supported by your FortiGate model.
config system interface
edit HA-session-lag
set type aggregate
set member port13 port14 port15 port16
set lacp-mode static
end
You can only use a static mode LAG as the hardware session synchronization interface ( |
Use the following command to set the LAG as the FGCP HA hardware session synchronization interface.
config system ha
set session-pickup enable
set hw-session-sync-dev HA-session-lag
end
For some FortiGates there is a limitation on the interfaces that can be used for hardware session synchronization. For example, for the FortiGate 1800F and 1801F you can only use the port25 to port40 interfaces as FGCP HA hardware session synchronization interfaces.
Hardware session synchronization can use a lot of bandwidth so you should use a dedicated data interface or data interface LAG. Both FortiGates in the FGCP HA cluster must use the same data interface or data interface LAG for FGCP HA hardware session synchronization and these interfaces must be directly connected.