Fortinet white logo
Fortinet white logo

Cookbook

Synchronizing sessions between FGCP clusters

Synchronizing sessions between FGCP clusters

Synchronizing sessions between FGCP clusters is useful when data centers in different locations are used for load-balancing, and traffic must be shared and flow freely based on demand.

There are some limitations when synchronizing sessions between FGCP clusters:

  • All FortiGates must have the same model and generation, hardware configuration, and FortiOS version.
  • All sessions cannot be synced between clusters. Currently, only TCP sessions can be synced.
  • Currently, a total of four clusters can share sessions.
To configure session synchronization between two clusters:
  1. Configure the two clusters (see HA active-passive cluster setup or HA active-active cluster setup).
  2. On each cluster, enable session synchronization among HA clusters:
    config system ha
        set inter-cluster-session-sync enable
    end
  3. On cluster A, configure the peer IP for the interface:
    config system interface
        edit "port5"
            set vdom "root"
            set ip 10.10.10.1 255.255.255.0
            set allowaccess ping https ssh snmp http telnet
        next
    end

    In this example, cluster A uses port5 and its IP address, 10.10.10.1, is reachable from another cluster.

  4. On cluster A, configure cluster synchronization:
    config system cluster-sync
        edit 1
            set peerip 10.10.10.2
        next
    end
  5. On cluster B, configure the peer IP for the interface:
    config system interface
        edit "port5"
            set vdom "root"
            set ip 10.10.10.2 255.255.255.0
            set allowaccess ping https ssh snmp http telnet
        next
    end

    In this example, cluster B uses port5 and its IP address, 10.10.10.2, is reachable from another cluster.

  6. On cluster B, configure cluster synchronization:
    config system cluster-sync
        edit 1
            set peerip 10.10.10.1
        next
    end

Synchronizing sessions between FGCP clusters

Synchronizing sessions between FGCP clusters

Synchronizing sessions between FGCP clusters is useful when data centers in different locations are used for load-balancing, and traffic must be shared and flow freely based on demand.

There are some limitations when synchronizing sessions between FGCP clusters:

  • All FortiGates must have the same model and generation, hardware configuration, and FortiOS version.
  • All sessions cannot be synced between clusters. Currently, only TCP sessions can be synced.
  • Currently, a total of four clusters can share sessions.
To configure session synchronization between two clusters:
  1. Configure the two clusters (see HA active-passive cluster setup or HA active-active cluster setup).
  2. On each cluster, enable session synchronization among HA clusters:
    config system ha
        set inter-cluster-session-sync enable
    end
  3. On cluster A, configure the peer IP for the interface:
    config system interface
        edit "port5"
            set vdom "root"
            set ip 10.10.10.1 255.255.255.0
            set allowaccess ping https ssh snmp http telnet
        next
    end

    In this example, cluster A uses port5 and its IP address, 10.10.10.1, is reachable from another cluster.

  4. On cluster A, configure cluster synchronization:
    config system cluster-sync
        edit 1
            set peerip 10.10.10.2
        next
    end
  5. On cluster B, configure the peer IP for the interface:
    config system interface
        edit "port5"
            set vdom "root"
            set ip 10.10.10.2 255.255.255.0
            set allowaccess ping https ssh snmp http telnet
        next
    end

    In this example, cluster B uses port5 and its IP address, 10.10.10.2, is reachable from another cluster.

  6. On cluster B, configure cluster synchronization:
    config system cluster-sync
        edit 1
            set peerip 10.10.10.1
        next
    end