FGSP (session-sync) peer setup
Connect all necessary interfaces as per the topology diagram below. Interfaces may be changed depending on the models in use. Interface names in the topology diagram are for example purposes only.
To set up an FGSP peer through the CLI:
These instructions assume that the device has been connected to the console and the CLI is accessible, and that all boxes have been factory reset.
- Connect all necessary interfaces as per the topology diagram.
- Enter the following command to change the FortiGate unit host name (Example1_host, Example2_host, etc.):
  config system global
      set hostname Example1_host
  end
- On each FGSP peer device, enter the following command:
  config system cluster-sync
      set peerip xx.xx.xx.xx
  end
  where xx.xx.xx.xx is the IP address of the peer's interface over which session information is passed.
- Set up identical firewall policies.
FGSP peers share the same session information for traffic that goes from the same incoming interface (example: port1) to the same outgoing interface (example: port2). Firewall policies should be identical as well, and can be copied from one device to its peer.
To test the setup:
- Initiate TCP traffic (like HTTP access) to go through boxA.
- Check the session information.
  Example:
  diag sys session filter src xx.xx.xx.xx
  diag sys session list
  where xx.xx.xx.xx is your PC's IP address.
- Use the same command on boxB to determine if the same session information appeared.
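The comparison in the last two steps can be scripted once the session list output from both units has been saved as text. The following is an added example, not part of the original instructions or Fortinet's own tooling. The function names and the sample output are constructed, and the two line shapes it parses ("session info: proto=" and "hook=... dir=org ...") are assumptions about the session list format that should be checked against your FortiOS version.

```python
import re

# Assumed line shapes in "diag sys session list" output; verify on your FortiOS version.
PROTO_RE = re.compile(r"^session info: proto=(\d+)\b")
ORG_RE = re.compile(r"^hook=\S+ dir=org act=\S+ (\S+?):(\d+)->(\S+?):(\d+)\(")

def parse_sessions(text):
    """Return a set of (proto, src_ip, src_port, dst_ip, dst_port) tuples."""
    sessions, proto = set(), None
    for line in text.splitlines():
        line = line.strip()
        m = PROTO_RE.match(line)
        if m:
            proto = int(m.group(1))
            continue
        m = ORG_RE.match(line)
        if m and proto is not None:
            src, sport, dst, dport = m.groups()
            sessions.add((proto, src, int(sport), dst, int(dport)))
            proto = None  # use only the first original-direction line per session
    return sessions

def missing_on_peer(local_text, peer_text):
    """Sessions seen on the local unit but absent on the peer, sorted."""
    return sorted(parse_sessions(local_text) - parse_sessions(peer_text))

# Constructed, abbreviated sample output (documentation IP ranges), not from a real device.
BOXA = """\
session info: proto=6 proto_state=01 duration=12 expire=3588 timeout=3600
hook=pre dir=org act=noop 192.0.2.10:51112->198.51.100.20:80(0.0.0.0:0)
hook=post dir=reply act=noop 198.51.100.20:80->192.0.2.10:51112(0.0.0.0:0)
session info: proto=6 proto_state=01 duration=3 expire=3597 timeout=3600
hook=pre dir=org act=noop 192.0.2.10:51113->198.51.100.20:443(0.0.0.0:0)
hook=post dir=reply act=noop 198.51.100.20:443->192.0.2.10:51113(0.0.0.0:0)
total session 2
"""
BOXB = """\
session info: proto=6 proto_state=01 duration=12 expire=3588 timeout=3600
hook=pre dir=org act=noop 192.0.2.10:51112->198.51.100.20:80(0.0.0.0:0)
hook=post dir=reply act=noop 198.51.100.20:80->192.0.2.10:51112(0.0.0.0:0)
total session 1
"""

if __name__ == "__main__":
    for session in missing_on_peer(BOXA, BOXB):
        print("not present on peer:", session)
```

A session that shows up on boxA but not on boxB may simply be too new to have been synchronized yet, so repeat the capture before treating a difference as a setup problem.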