Synchronizing sessions between FGCP clusters
Synchronizing sessions between FGCP clusters is useful when data centers in different locations are used for load-balancing, and traffic must be shared and flow freely based on demand.
There are some limitations when synchronizing sessions between FGCP clusters:
- All FortiGates must have the same model and generation, hardware configuration, and FortiOS version.
- All sessions cannot be synced between clusters. Currently, only TCP sessions can be synced.
- Currently, a total of four clusters can share sessions.
To configure session synchronization between two clusters:
- Configure the two clusters (see HA active-passive cluster setup or HA active-active cluster setup).
- On each cluster, enable session synchronization among HA clusters:
config system ha set inter-cluster-session-sync enable end
- On cluster A, configure the peer IP for the interface:
config system interface edit "port5" set vdom "root" set ip 10.10.10.1 255.255.255.0 set allowaccess ping https ssh snmp http telnet next end
In this example, cluster A uses port5 and its IP address, 10.10.10.1, is reachable from another cluster.
- On cluster A, configure cluster synchronization:
config system cluster-sync edit 1 set peerip 10.10.10.2 next end
- On cluster B, configure the peer IP for the interface:
config system interface edit "port5" set vdom "root" set ip 10.10.10.2 255.255.255.0 set allowaccess ping https ssh snmp http telnet next end
In this example, cluster B uses port5 and its IP address, 10.10.10.2, is reachable from another cluster.
- On cluster B, configure cluster synchronization:
config system cluster-sync edit 1 set peerip 10.10.10.1 next end