IP, TCP, and UDP load balancing

Example Adding a server load balance port forwarding virtual IP

In this example, a virtual web server with IP address 192.168.37.4 on the Internet, is mapped to three real web servers connected to the FortiGate unit dmz1 interface. The real servers have IP addresses 10.10.123.42, 10.10.123.43, and 10.10.123.44. The virtual server uses the First Alive load balancing method.

Each real server accepts HTTP connections on a different port number. The first real server accepts connections on port 8080, the second on port 8081, and the third on 8082. The configuration also includes an HTTP health check monitor that includes a URL used by the FortiGate unit for get requests to monitor the health of the real servers.

Connections to the virtual web server at IP address 192.168.37.4 from the Internet are translated and load balanced to the real servers by the FortiGate unit. First alive load balancing directs all sessions to the first real server. The computers on the Internet are unaware of this translation and load balancing and see a single virtual server at IP address 192.168.37.4 rather than the three real servers behind the FortiGate unit.

Server load balance virtual IP port forwarding

To complete this configuration, all of the steps would be the same as in Example Adding a server load balance port forwarding virtual IP on page 54 except for configuring the real servers.

54

Adding a server load balance port forwarding virtual IP

To add the real servers to the virtual server

Use the following steps to add three real servers to the virtual server Load_Bal_VS1. These real servers cause the FortiGate unit to forward HTTP packets to the three real servers on ports 8080, 8081, and 8082.

  1. Go to Policy & Objects > Virtual Servers and edit the Load_Bal_VS1 virtual server.
  2. Select Create New.
  3. Add the following three real servers. Each real server must include the IP address of a real server on the internal network and have a different port number.

Configuration for the first real server.

IP Address 10.10.10.42
Port 8080
Max Connections 0
Mode Active
   

Configuration for the second real server.

IP 10.10.10.43
Port 8081
Max Connections 0
Mode Active

Configuration for the third real server.

IP 10.10.10.44
Port 8082
Max Connections 0
Mode Active
This entry was posted in Administration Guides, FortiGate, FortiOS 6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.