A company has two FortiGate units in an active-active HA cluster. They want to ensure that sessions initiated from the internet through a virtual IP are synchronized to the peer unit in case of failover. Which HA setting is required?
Session pickup enables synchronization of all sessions, including those from VIPs, to the standby unit. Without it, sessions are not synced.
Why this answer
In active-active HA, session synchronization is enabled by default for TCP sessions, but for UDP and other protocols, session sync needs to be explicitly enabled. However, the question is about ensuring sessions are synchronized. The key setting is 'session-pickup', which enables session synchronization for all protocols.
Also, in active-active HA, 'session-pickup-connectionless' should be enabled for UDP and ICMP, but the most direct answer is to enable 'session-pickup' globally.