A FortiGate device using unified threat management (UTM) profiles is reaching resource limits, and you expect traffic in your enterprise network to increase. You received an additional FortiGate of the same model. Which two options should you consider using to integrate the additional FortiGate into your enterprise network? (Choose two answers)

A. FortiGate Clustering Protocol (FGCP) in active-passive (A-P) mode with VDOM disabled
B. FortiGate Session Life Support Protocol (FGSP) with external load balancers
C. FortiGate Clustering Protocol (FGCP) in active-active (A-A) mode with switches
D. Virtual Router Redundancy Protocol (VRRP) with switches

Correct Answer: B,C

Brave-Dump Clients Votes

BC 100%

Comments

Adam 2026-01-20 03:27:28

Selected Answers: B, C

From Study Guide:
In active-active mode, you can load balance sessions between two cluster devices.

Note that the goal of active-active mode is to leverage unused CPU and memory resources on secondary devices. The intention is not really to load balance traffic. In fact, because the traffic from endpoints is always sent to the primary, you usually see more traffic on the primary than any secondary devices.

FGSP is primarily used instead of FGCP, when external load balancers are part of the topology and are responsible for distributing traffic among the downstream FortiGate devices. FGSP provides the means to synchronize sessions between the FortiGate peers, without needing a primary member to distribute the sessions, like you do in FGCP active-active mode. If the external load balancers direct all sessions to one peer, the effect is similar to active-passive FGCP HA. If external load balancers balance traffic to both peers, the effect is similar to active-active FGCP HA. The load balancers should be configured so that all packets for any given session are processed by the same peer, including return packets, whenever possible.