TCP and UDP load balancing
You can use the following command to configure the cluster to load balance TCP sessions in addition to security profile sessions.
config system ha
set load-balance-all enable
end
Enabling load-balance-all
to add load balancing of TCP sessions may not improve performance because the cluster requires additional overhead to load balance sessions. Load balancing a TCP session usually requires about as much overhead as just processing it. On the other hand, TCP load balancing performance may be improved if your FortiGate includes NP4 or NP6 processors.
You can enable load-balance-all
and monitor network performance to see if it improves. If performance is not improved, you might want to change the HA mode to active-passive since active-active HA is not providing any benefit.
On some FortiGate models you can use the following command to also load balance UDP sessions:
config system ha
set load-balance-udp enable
end
Similar to load balancing TCP sessions, load balancing UDP sessions may also not improve performance. Also UDP load balancing performance may be improved with NP4 and NP6 processors.