High Availability – FortiBalancer

5.6 Stateful Session Failover (SSF)

The Stateful Session Failover (SSF) function can be applied to both the Active/Active and Active/Standby HA scenarios. With SSF enabled, the information about the TCP and UDP connections established on the “Active” floating IP group will be updated to all “Standby” floating IP groups in real time. Once any failover action is taken, all the existing TCP and UDP connections will not be interrupted because the connection information has been updated to the new “Active” unit by the SSF function. However, if the SSF function is disabled, the existing TCP and UDP connections will be interrupted.

The SSF function supports TCP, UDP, FTP and IP types of SLB applications as well as NAT applications. It can be enabled or disabled per virtual service.

Note:

  • To ensure the SSF function works well, please make sure that the HA-related configurations on all the units in one HA domain are the same. It is recommended to use Runtime Synconfig while the SSF function is enabled.
  • The SSF function uses a stable network link between two HA units to transmit SSF session information. If the network link used for SSF goes down, session information cannot be exchanged between two units. If a group failover occurs subsequently, the existing connections might be reset.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.