config system standalone-cluster

Configure FortiGate Session Life Support Protocol (FGSP) cluster attributes.

config system standalone-cluster
    Description: Configure FortiGate Session Life Support Protocol (FGSP) cluster attributes.
    config cluster-peer
        Description: Configure FortiGate Session Life Support Protocol (FGSP) session synchronization.
        edit <sync-id>
            set peervd {string}
            set peerip {ipv4-address}
            set syncvd <name1>, <name2>, ...
            set down-intfs-before-sess-sync <name1>, <name2>, ...
            set hb-interval {integer}
            set hb-lost-threshold {integer}
            set ipsec-tunnel-sync [enable|disable]
            set secondary-add-ipsec-routes [enable|disable]
            config session-sync-filter
                Description: Add one or more filters if you only want to synchronize some sessions. Use the filter to configure the types of sessions to synchronize.
                set srcintf {string}
                set dstintf {string}
                set srcaddr {ipv4-classnet-any}
                set dstaddr {ipv4-classnet-any}
                set srcaddr6 {ipv6-network}
                set dstaddr6 {ipv6-network}
                config custom-service
                    Description: Only sessions using these custom services are synchronized. Use source and destination port ranges to define these custom services.
                    edit <id>
                        set src-port-range {user}
                        set dst-port-range {user}
                    next
                end
            end
        next
    end
    set encryption [enable|disable]
    set group-member-id {integer}
    set layer2-connection [available|unavailable]
    set psksecret {password-3}
    set session-sync-dev {user}
    set standalone-group-id {integer}
end

config system standalone-cluster

Parameter

Description

Type

Size

Default

encryption

Enable/disable encryption when synchronizing sessions.

option

disable

Option	Description
enable	Enable encryption when synchronizing sessions.
disable	Disable encryption when synchronizing sessions.

group-member-id

Cluster member ID.

integer

Minimum value: 0 Maximum value: 15

layer2-connection

Indicate whether layer 2 connections are present among FGSP members.

option

unavailable

Option	Description
available	There exist layer 2 connections among FGSP members.
unavailable	There does not exist layer 2 connection among FGSP members.

psksecret

Pre-shared secret for session synchronization (ASCII string or hexadecimal encoded with a leading 0x).

password-3

Not Specified

session-sync-dev

Offload session-sync process to kernel and sync sessions using connected interface(s) directly.

user

Not Specified

standalone-group-id

Cluster group ID. Must be the same for all members.

integer

Minimum value: 0 Maximum value: 255

config cluster-peer

Parameter

Description

Type

Size

Default

sync-id

Sync ID.

integer

Minimum value: 0 Maximum value: 4294967295

peervd

VDOM that contains the session synchronization link interface on the peer unit. Usually both peers would have the same peervd.

string

Maximum length: 31

root

peerip

IP address of the interface on the peer unit that is used for the session synchronization link.

ipv4-address

Not Specified

0.0.0.0

syncvd <name>

Sessions from these VDOMs are synchronized using this session synchronization configuration.

VDOM name.

string

Maximum length: 79

down-intfs-before-sess-sync <name>

List of interfaces to be turned down before session synchronization is complete.

Interface name.

string

Maximum length: 79

hb-interval

Heartbeat interval. Increase to reduce false positives.

integer

Minimum value: 1 Maximum value: 20

hb-lost-threshold

Lost heartbeat threshold. Increase to reduce false positives.

integer

Minimum value: 1 Maximum value: 60

ipsec-tunnel-sync

Enable/disable IPsec tunnel synchronization.

option

enable

Option	Description
enable	Enable IPsec tunnel synchronization.
disable	Disable IPsec tunnel synchronization.

secondary-add-ipsec-routes

Enable/disable IKE route announcement on the backup unit.

option

enable

Option	Description
enable	Add IKE routes to the backup unit.
disable	Do not add IKE routes to the backup unit.

config session-sync-filter

Parameter	Description	Type	Size	Default
srcintf	Only sessions from this interface are synchronized.	string	Maximum length: 15
dstintf	Only sessions to this interface are synchronized.	string	Maximum length: 15
srcaddr	Only sessions from this IPv4 address are synchronized.	ipv4-classnet-any	Not Specified	0.0.0.0 0.0.0.0
dstaddr	Only sessions to this IPv4 address are synchronized.	ipv4-classnet-any	Not Specified	0.0.0.0 0.0.0.0
srcaddr6	Only sessions from this IPv6 address are synchronized.	ipv6-network	Not Specified	::/0
dstaddr6	Only sessions to this IPv6 address are synchronized.	ipv6-network	Not Specified	::/0

config custom-service

Parameter	Description	Type	Size	Default
id	Custom service ID.	integer	Minimum value: 0 Maximum value: 4294967295	0
src-port-range	Custom service source port range.	user	Not Specified	0-0
dst-port-range	Custom service destination port range.	user	Not Specified	0-0

config system standalone-cluster

Configure FortiGate Session Life Support Protocol (FGSP) cluster attributes.

config system standalone-cluster
    Description: Configure FortiGate Session Life Support Protocol (FGSP) cluster attributes.
    config cluster-peer
        Description: Configure FortiGate Session Life Support Protocol (FGSP) session synchronization.
        edit <sync-id>
            set peervd {string}
            set peerip {ipv4-address}
            set syncvd <name1>, <name2>, ...
            set down-intfs-before-sess-sync <name1>, <name2>, ...
            set hb-interval {integer}
            set hb-lost-threshold {integer}
            set ipsec-tunnel-sync [enable|disable]
            set secondary-add-ipsec-routes [enable|disable]
            config session-sync-filter
                Description: Add one or more filters if you only want to synchronize some sessions. Use the filter to configure the types of sessions to synchronize.
                set srcintf {string}
                set dstintf {string}
                set srcaddr {ipv4-classnet-any}
                set dstaddr {ipv4-classnet-any}
                set srcaddr6 {ipv6-network}
                set dstaddr6 {ipv6-network}
                config custom-service
                    Description: Only sessions using these custom services are synchronized. Use source and destination port ranges to define these custom services.
                    edit <id>
                        set src-port-range {user}
                        set dst-port-range {user}
                    next
                end
            end
        next
    end
    set encryption [enable|disable]
    set group-member-id {integer}
    set layer2-connection [available|unavailable]
    set psksecret {password-3}
    set session-sync-dev {user}
    set standalone-group-id {integer}
end

config system standalone-cluster

Parameter

Description

Type

Size

Default

encryption

Enable/disable encryption when synchronizing sessions.

option

disable

Option	Description
enable	Enable encryption when synchronizing sessions.
disable	Disable encryption when synchronizing sessions.

group-member-id

Cluster member ID.

integer

Minimum value: 0 Maximum value: 15

layer2-connection

Indicate whether layer 2 connections are present among FGSP members.

option

unavailable

Option	Description
available	There exist layer 2 connections among FGSP members.
unavailable	There does not exist layer 2 connection among FGSP members.

psksecret

Pre-shared secret for session synchronization (ASCII string or hexadecimal encoded with a leading 0x).

password-3

Not Specified

session-sync-dev

Offload session-sync process to kernel and sync sessions using connected interface(s) directly.

user

Not Specified

standalone-group-id

Cluster group ID. Must be the same for all members.

integer

Minimum value: 0 Maximum value: 255

config cluster-peer

Parameter

Description

Type

Size

Default

sync-id

Sync ID.

integer

Minimum value: 0 Maximum value: 4294967295

peervd

VDOM that contains the session synchronization link interface on the peer unit. Usually both peers would have the same peervd.

string

Maximum length: 31

root

peerip

IP address of the interface on the peer unit that is used for the session synchronization link.

ipv4-address

Not Specified

0.0.0.0

syncvd <name>

Sessions from these VDOMs are synchronized using this session synchronization configuration.

VDOM name.

string

Maximum length: 79

down-intfs-before-sess-sync <name>

List of interfaces to be turned down before session synchronization is complete.

Interface name.

string

Maximum length: 79

hb-interval

Heartbeat interval. Increase to reduce false positives.

integer

Minimum value: 1 Maximum value: 20

hb-lost-threshold

Lost heartbeat threshold. Increase to reduce false positives.

integer

Minimum value: 1 Maximum value: 60

ipsec-tunnel-sync

Enable/disable IPsec tunnel synchronization.

option

enable

Option	Description
enable	Enable IPsec tunnel synchronization.
disable	Disable IPsec tunnel synchronization.

secondary-add-ipsec-routes

Enable/disable IKE route announcement on the backup unit.

option

enable

Option	Description
enable	Add IKE routes to the backup unit.
disable	Do not add IKE routes to the backup unit.

config session-sync-filter

Parameter	Description	Type	Size	Default
srcintf	Only sessions from this interface are synchronized.	string	Maximum length: 15
dstintf	Only sessions to this interface are synchronized.	string	Maximum length: 15
srcaddr	Only sessions from this IPv4 address are synchronized.	ipv4-classnet-any	Not Specified	0.0.0.0 0.0.0.0
dstaddr	Only sessions to this IPv4 address are synchronized.	ipv4-classnet-any	Not Specified	0.0.0.0 0.0.0.0
srcaddr6	Only sessions from this IPv6 address are synchronized.	ipv6-network	Not Specified	::/0
dstaddr6	Only sessions to this IPv6 address are synchronized.	ipv6-network	Not Specified	::/0

config custom-service

Parameter	Description	Type	Size	Default
id	Custom service ID.	integer	Minimum value: 0 Maximum value: 4294967295	0
src-port-range	Custom service source port range.	user	Not Specified	0-0
dst-port-range	Custom service destination port range.	user	Not Specified	0-0

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

config system standalone-cluster

config system standalone-cluster

config system standalone-cluster

config cluster-peer

config session-sync-filter

config custom-service

config system standalone-cluster

config system standalone-cluster

config system standalone-cluster

config cluster-peer

config session-sync-filter

config custom-service