Initial System Setup & Configuration – FortiBalancer

1.2 General Settings Configuration

Now that you are in the configure mode, it is time to assign Port1, Port2 and Gateway IP addresses to truly bring the FortiBalancer appliance into the network infrastructure.

1.2.1 Configuration Guidelines

To better assist you with configuration strategies that maximize the power of the FortiBalancer appliance, please take a moment to familiarize yourself with the basic network architecture.

 

Figure 1-1 Basic Network Architecture

The table below lists the most critical configuration values from the figure above:

Table 1-6 Basic Network Configurations

IP Address          Description
10.10.0.1/24        Gateway IP Address
10.10.0.2/24        Management IP Address
192.168.10.1/24     Port2 Interface IP Address
192.168.10.0/24     NAT
192.168.10.10       Real Server #1
192.168.10.11       Real Server #2
192.168.10.12       Real Server #3
192.168.10.13       Real Server #4
192.168.10.14       Real Server #5
10.10.0.3           Nameserver/NTP server

Table 1-7 General Settings of Basic Network Configuration

Operation                        Command
Configure interface IP address   ip address {system_ifname|mnet_ifname|vlan_ifname|bond_ifname} <ip_address> {netmask|prefix}
Configure gateway IP address     ip route default <gateway_ip>
View IP configurations           ping {ip|hostname}
                                 show ip address
                                 show ip route
Set up web UI                    webui {on|off}
                                 webui port <port>
                                 webui ip <ip_address>
Assign the host name             hostname <host_name>
Save the configurations          write memory

1.2.2 Configuration Example via CLI

1.2.2.1 Assigning the IP Address for Interfaces

First, the Port1 Interface IP address needs to be assigned followed by the Port2 Interface, both with the appropriate netmask assignments. Now with our example network addresses and netmask designations, these commands should be executed as such:

FortiBalancer(config)#ip address port1 10.10.0.2 255.255.255.0

FortiBalancer(config)#ip address port2 3fff::bb 64

The port1 interface and the port2 interface cannot be on the same IP network. The CLI will issue a warning message and will not allow you to configure the two interfaces for the same network.

FortiBalancer supports changing the MAC address of the system interfaces by using the command “interface mac <interface_name> <mac_address>”.

FortiBalancer(config)#interface mac port1 00:30:48:81:54:9c

Note: The administrator will need to provide the method necessary to allow end-users to direct outbound traffic to a preferred route based on the IP and protocol type.

1.2.2.2 Assigning the IP Address for Gateway

The final step in this initial introduction of the FortiBalancer appliance to the network infrastructure requires you to define the Gateway IP address.

To define the gateway IP address:

FortiBalancer(config)#ip route default 10.10.0.1

1.2.2.3 Viewing the IP Configuration

To verify that the FortiBalancer appliance is actively deployed within this network infrastructure, you may ping both the gateway and the backend server by using the “ping” command. To ping the gateway:

FortiBalancer(config)#ping 10.10.0.1
PING 10.10.0.1(10.10.0.1): 56 data bytes
64 bytes from 10.10.0.1: icmp_seq=0 ttl=128 time=0.671 ms
64 bytes from 10.10.0.1: icmp_seq=1 ttl=128 time=0.580 ms
64 bytes from 10.10.0.1: icmp_seq=2 ttl=128 time=0.529 ms
64 bytes from 10.10.0.1: icmp_seq=3 ttl=128 time=0.486 ms
64 bytes from 10.10.0.1: icmp_seq=4 ttl=128 time=0.638 ms

--- 10.10.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.486/0.581/0.671/0.068 ms

To ping the backend server:

FortiBalancer(config)#ping 192.168.10.1
PING 192.168.10.1(192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: icmp_seq=0 ttl=128 time=0.661 ms
64 bytes from 192.168.10.1: icmp_seq=1 ttl=128 time=0.581 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=128 time=0.552 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=128 time=0.484 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=128 time=0.632 ms

--- 192.168.10.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.486/0.581/0.671/0.068 ms

To verify or view the settings after configuring these critical IP addresses:

FortiBalancer(config)#show ip address
ip address "port1" 10.10.0.2 255.255.255.0
ip address "port2" 192.168.10.1 255.255.255.0

FortiBalancer(config)#show ip route
Destination     Netmask         Gateway
default                         10.10.0.1

Should changes be required, in most cases administrators should use the “no” version of the relevant command to remove the incorrect information before entering the desired corrections. For example, executing the command “no ip address port1” removes the port1 IP address so that you can then reenter the correct information.

1.2.2.4 Setting up the web UI

If administrators want to take full advantage of the web UI access to the FortiBalancer appliance, at least one unique IP address is required.

In our example, we use the port1 interface IP address as the default web UI IP address and the default port 8888 as the web UI port. Finally, turn on the web UI function:

FortiBalancer(config)#webui on

It is time to open your browser of choice and point it to the FortiBalancer appliance. To do this, simply type in the address as such:

https://10.10.0.2:8888

Note: The IP addresses and other parameters throughout these examples are meant for demonstration purposes. To actually access your FortiBalancer appliance, you can designate the web UI IP address and port via the commands “webui ip” and “webui port”.

And now press “Enter”. The welcome screen should appear in your browser’s window, protected by the familiar prompt asking for user name and password. The response to this prompt is admin and admin, just as before. If this screen does not appear, verify the address and port designations for both the port1 interface and web UI port.

The FortiBalancer appliance web UI supports the following browsers: IE (Recommended), Firefox and Chrome.

Browser resolution should be set to 1024×786 or higher.

1.2.2.5 Assigning the Host Name

With clustering technology, more than one FortiBalancer appliance may be used within a single network server farm. With this in mind, the OS allows you to assign a “name” to each FortiBalancer appliance for monitoring each device’s performance and configuration specifications. Once you’ve named your FortiBalancer appliance, the prompt will change from the default “FortiBalancer” to the newly assigned name:

FortiBalancer(config)#hostname SJ-Box1
SJ-Box1(config)#

1.2.2.6 Saving the Configuration

To save your configuration, use the following command:

SJ-Box1(config)#write memory

Now your configuration is saved into the startup file which the FortiBalancer appliance calls upon at reboot.
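A pre-flight check for the command sequence in this section, as an added example that is not part of the original guide or Fortinet's code: it parses the “ip address”, “ip route default” and “webui ip” commands as written above and flags interfaces placed on the same IP network, which the CLI refuses. The `lint` helper, the sample plans, and the gateway and web UI checks are assumptions about a sane address plan, not documented CLI behavior.

```python
import ipaddress

def lint(script):
    """Return findings for a planned command script (hypothetical helper)."""
    ifaces, gateway, webui_ip, findings = {}, None, None, []
    for line in script.splitlines():
        t = line.split("#", 1)[-1].split()  # drop a pasted "Host(config)#" prompt
        if t[:2] == ["ip", "address"] and len(t) == 5:
            # ip address <ifname> <ip_address> {netmask|prefix}, IPv4 or IPv6
            ifaces[t[2]] = ipaddress.ip_interface(f"{t[3]}/{t[4]}")
        elif t[:3] == ["ip", "route", "default"] and len(t) == 4:
            gateway = ipaddress.ip_address(t[3])
        elif t[:2] == ["webui", "ip"] and len(t) == 3:
            webui_ip = ipaddress.ip_address(t[2])
    names = sorted(ifaces)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # Rule from the page: two interfaces cannot be on the same IP network.
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(f"{a} and {b} share network {ifaces[a].network}")
    # Assumed sanity checks (not documented CLI behavior):
    nets = [i.network for i in ifaces.values()]
    if gateway is not None and not any(gateway in n for n in nets):
        findings.append(f"gateway {gateway} is not on any interface network")
    if webui_ip is not None and webui_ip not in [i.ip for i in ifaces.values()]:
        findings.append(f"webui ip {webui_ip} is not an interface address")
    return findings

# The page's example values (port2 taken from Table 1-6).
PAGE_PLAN = """\
FortiBalancer(config)#ip address port1 10.10.0.2 255.255.255.0
FortiBalancer(config)#ip address port2 192.168.10.1 255.255.255.0
FortiBalancer(config)#ip route default 10.10.0.1
FortiBalancer(config)#webui ip 10.10.0.2
FortiBalancer(config)#webui on
"""

# Constructed faulty plan: overlapping interfaces, off-link gateway, stray web UI IP.
BAD_PLAN = """\
ip address port1 10.10.0.2 255.255.255.0
ip address port2 10.10.0.5 24
ip route default 192.168.10.254
webui ip 10.10.0.9
"""

if __name__ == "__main__":
    for label, plan in (("page plan", PAGE_PLAN), ("bad plan", BAD_PLAN)):
        print(label, "->", lint(plan) or "no findings")
```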


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
