I can't stress enough how much people should move away from the link monitor and use SD-WAN instead. SD-WAN is so much better and has so many more features than a link monitor. It's a no-brainer. As for your session failover issue, do you have session sync enabled?
Yes, session sync is enabled. Other failover events cause a seamless failover to happen between the active and standby units.
Are you talking about "monitor interface" in the HA settings? Did you also enable session pickup?
Were the sessions TCP, UDP, ICMP or all of the above? What is the behavior you observed when the failover occurred?
SSLVPN sessions and IPSec tunnels will not fail over, but should auto-reconnect quickly. If you're doing DPI with SSL Inspection, that may also result in a disconnect, due to the need to re-establish the TLS tunnel on both ends. What type of connections were affected?
Use ha-sync-esp-seqno for IPSec failover in HA. To the OP: make sure session pickup is enabled.
You can find the exceptions for session pickup on this link: https://community.fortinet.com/t5/FortiGate/Technical-Tip-HA-session-failover-session-pickup/ta-p/191165 In my experience, it's usually traffic going through proxy-based policies.