Fortinet black logo

Hyperscale Firewall Guide

Configuring HA hardware session synchronization

Configuring HA hardware session synchronization

Use the following command to configure HA hardware session synchronization.

config system ha

set session-pickup enable

set hw-session-sync-dev <interface>

end

session-pickup must be enabled for HA hardware session synchronization.

hw-session-sync-dev select an interface to use to synchronize hardware sessions between the FortiGates in an FGCP cluster. Fortinet recommends using a data interface as the HA hardware session synchronization interface. The interface can only be used for HA hardware session synchronization. See Recommended interface use for an FGCP HA hyperscale firewall cluster.

For some FortiGates there is a limitation on the interfaces that can be used for hardware session synchronization. For example, for the FortiGate-1800F and 1801F you can only use the port25 to port40 interfaces as hardware session synchronization interfaces.

Hardware session synchronization can use a lot of bandwidth so you should use a dedicated data interface or data interface LAG. Both FortiGates in the HA cluster must use the same data interface or data interface LAG for HA hardware session synchronization and these interfaces must be directly connected.

Configuring HA hardware session synchronization

Use the following command to configure HA hardware session synchronization.

config system ha

set session-pickup enable

set hw-session-sync-dev <interface>

end

session-pickup must be enabled for HA hardware session synchronization.

hw-session-sync-dev select an interface to use to synchronize hardware sessions between the FortiGates in an FGCP cluster. Fortinet recommends using a data interface as the HA hardware session synchronization interface. The interface can only be used for HA hardware session synchronization. See Recommended interface use for an FGCP HA hyperscale firewall cluster.

For some FortiGates there is a limitation on the interfaces that can be used for hardware session synchronization. For example, for the FortiGate-1800F and 1801F you can only use the port25 to port40 interfaces as hardware session synchronization interfaces.

Hardware session synchronization can use a lot of bandwidth so you should use a dedicated data interface or data interface LAG. Both FortiGates in the HA cluster must use the same data interface or data interface LAG for HA hardware session synchronization and these interfaces must be directly connected.