FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description When the HA is used in the FortiGate with active-active mode, notice that the traffic may not do the load balance with the TCP traffic as we expect. Sometimes, it is not possible to configure the load balance with the HA in active-active mode properly.
Scope FortiGate
Solution After HA has been joined with active-active mode already. To load balance TCP traffic also besides proxy sessions , use the CLI commands.
FGT # config system ha FGT set load-balance-all enable <----- Disable by default. (Enable to load balance TCP sessions. Disable to load balance proxy sessions only). FGT end
Then, it is possible to check the traffic again. Both HA units will now load balance the TCP traffic.
