config system standalone-cluster
Configure FortiGate Session Life Support Protocol (FGSP) cluster attributes.
config system standalone-cluster Description: Configure FortiGate Session Life Support Protocol (FGSP) cluster attributes. set asymmetric-traffic-control [cps-preferred|strict-anti-replay] config cluster-peer Description: Configure FortiGate Session Life Support Protocol (FGSP) session synchronization. edit <sync-id> set peervd {string} set peerip {ipv4-address} set syncvd <name1>, <name2>, ... set down-intfs-before-sess-sync <name1>, <name2>, ... set hb-interval {integer} set hb-lost-threshold {integer} set ipsec-tunnel-sync [enable|disable] set secondary-add-ipsec-routes [enable|disable] config session-sync-filter Description: Add one or more filters if you only want to synchronize some sessions. Use the filter to configure the types of sessions to synchronize. set srcintf {string} set dstintf {string} set srcaddr {ipv4-classnet-any} set dstaddr {ipv4-classnet-any} set srcaddr6 {ipv6-network} set dstaddr6 {ipv6-network} config custom-service Description: Only sessions using these custom services are synchronized. Use source and destination port ranges to define these custom services. edit <id> set src-port-range {user} set dst-port-range {user} next end end next end set encryption [enable|disable] set group-member-id {integer} set layer2-connection [available|unavailable] set psksecret {password-3} set session-sync-dev {user} set standalone-group-id {integer} end
config system standalone-cluster
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
asymmetric-traffic-control |
Asymmetric traffic control mode. |
option |
- |
cps-preferred |
||||||
|
|
|||||||||
encryption |
Enable/disable encryption when synchronizing sessions. |
option |
- |
disable |
||||||
|
|
|||||||||
group-member-id |
Cluster member ID. |
integer |
Minimum value: 0 Maximum value: 15 |
0 |
||||||
layer2-connection |
Indicate whether layer 2 connections are present among FGSP members. |
option |
- |
unavailable |
||||||
|
|
|||||||||
psksecret |
Pre-shared secret for session synchronization (ASCII string or hexadecimal encoded with a leading 0x). |
password-3 |
Not Specified |
|
||||||
session-sync-dev |
Offload session-sync process to kernel and sync sessions using connected interface(s) directly. |
user |
Not Specified |
|
||||||
standalone-group-id |
Cluster group ID. Must be the same for all members. |
integer |
Minimum value: 0 Maximum value: 255 |
0 |
config cluster-peer
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
sync-id |
Sync ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||
peervd |
VDOM that contains the session synchronization link interface on the peer unit. Usually both peers would have the same peervd. |
string |
Maximum length: 31 |
root |
||||||
peerip |
IP address of the interface on the peer unit that is used for the session synchronization link. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||
syncvd |
Sessions from these VDOMs are synchronized using this session synchronization configuration. VDOM name. |
string |
Maximum length: 79 |
|
||||||
down-intfs-before-sess-sync |
List of interfaces to be turned down before session synchronization is complete. Interface name. |
string |
Maximum length: 79 |
|
||||||
hb-interval |
Heartbeat interval. Increase to reduce false positives. |
integer |
Minimum value: 1 Maximum value: 20 |
2 |
||||||
hb-lost-threshold |
Lost heartbeat threshold. Increase to reduce false positives. |
integer |
Minimum value: 1 Maximum value: 60 |
10 |
||||||
ipsec-tunnel-sync |
Enable/disable IPsec tunnel synchronization. |
option |
- |
enable |
||||||
|
|
|||||||||
secondary-add-ipsec-routes |
Enable/disable IKE route announcement on the backup unit. |
option |
- |
enable |
||||||
|
|
config session-sync-filter
Parameter |
Description |
Type |
Size |
Default |
---|---|---|---|---|
srcintf |
Only sessions from this interface are synchronized. |
string |
Maximum length: 15 |
|
dstintf |
Only sessions to this interface are synchronized. |
string |
Maximum length: 15 |
|
srcaddr |
Only sessions from this IPv4 address are synchronized. |
ipv4-classnet-any |
Not Specified |
0.0.0.0 0.0.0.0 |
dstaddr |
Only sessions to this IPv4 address are synchronized. |
ipv4-classnet-any |
Not Specified |
0.0.0.0 0.0.0.0 |
srcaddr6 |
Only sessions from this IPv6 address are synchronized. |
ipv6-network |
Not Specified |
::/0 |
dstaddr6 |
Only sessions to this IPv6 address are synchronized. |
ipv6-network |
Not Specified |
::/0 |
config custom-service
Parameter |
Description |
Type |
Size |
Default |
---|---|---|---|---|
id |
Custom service ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
src-port-range |
Custom service source port range. |
user |
Not Specified |
0-0 |
dst-port-range |
Custom service destination port range. |
user |
Not Specified |
0-0 |