FortiGate Session Life Support Protocol (FGSP)
In a network that already includes load balancing (either with load balancers or routers) for traffic redundancy, two identical FortiGates can be integrated into the load balancing configuration using the FortiGate Session Life Support Protocol (FGSP). The external load balancers or routers can distribute sessions among the FortiGates and the FGSP performs session synchronization of IPv4 and IPv6 TCP, SCTP, UDP, ICMP, expectation, and NAT sessions to keep the session tables of both FortiGates synchronized.
If one of the FortiGates fails, session failover occurs and active sessions fail over to the unit that is still operating. This failover occurs without any loss of data. As well, the external load balancers or routers detect the failover and re-distribute all sessions to the unit that is still operating.
Load balancing and session failover is done by external routers or load balancers and not by the FGSP. The FortiGates just perform session synchronization which allows session failover to occur without packet loss.
The FGSP also includes configuration synchronization, allowing you to make configuration changes once for both FortiGates instead of requiring duplicate configuration changes on each unit. Settings that identify the FortiGate to the network, for example, interface IP addresses and BGP neighbor settings, are not synchronized so each FortiGate maintains its identity on the network. These settings must be configured separately for each FortiGate.
|In previous versions of FortiOS the FGSP was called TCP session synchronization or standalone session synchronization. However, the FGSP has been expanded to include configuration synchronization and session synchronization of connectionless sessions, expectation sessions, and NAT sessions.|