Example HTTP and HTTPS persistence configuration
This example shows how to add a virtual server named HTTP_Load_Balance that load balances HTTP traffic using port 80 and a second virtual server named HTTPS_Load_Balance that load balances HTTPS traffic using port 443. The Internet is connected to port2 and the virtual IP address of the virtual server is 192.168.20.20. Both server load balancing virtual IPs load balance sessions to the same three real servers with IP addresses 10.10.10.1, 10.10.10.2, and 10.10.10.3. The real servers provide HTTP and HTTPS services.
For both virtual servers, persistence is set to HTTP Cookie to enable HTTP cookie persistence.
To add the HTTP and HTTPS virtual servers
- Go to Policy & Objects > Virtual Servers.
- Add the HTTP virtual server that includes HTTP Cookie persistence.
Name | HTTP_Load_Balance |
Type | HTTP |
Interface | port2 |
Virtual Server IP | 192.168.20.20 |
Virtual Server Port | 80
In this example the virtual server uses port 8080 for HTTP sessions instead of port 80. |
Load Balance Method | Static |
Persistence | HTTP cookie |
- Under Real Servers select Create New.
- Add three real servers.
Configuration for the first real server.
IP Address | 10.10.10.1 |
Port | 80 |
Max Connections | 0 |
Mode | Active |
Configuration for the second real server.
IP Address | 10.10.10.2 |
Port | 80 |
Maximum Connections | 0 |
Mode | Active |
Configuration for the third real server.
IP Address | 10.10.10.3 |
Port | 80 |
Max Connections | 0 |
Mode | Active |
- Select OK.
- Select Create New to add the HTTPS virtual server that also includes HTTP Cookie persistence.
Name | HTTPS_Load_Balance |
Type | HTTPS |
Interface | port2 |
Virtual Server IP | 192.168.20.20 |
Virtual Server Port | 443 |
Load Balance Method | Static |
Persistence | HTTP cookie |
- Under Real Servers select Create New.
- Add three real servers.
Configuration for the first real server.
IP Address | 10.10.10.1 |
Port | 443 |
Max Connections | 0 |
Mode | Active |
Configuration for the second real server.
IP Address | 10.10.10.2 |
Port | 443 |
Max Connections | 0 |
Mode | Active |
Configuration for the third real server.
IP Address | 10.10.10.3 |
Port | 443 |
Max Connections | 0 |
Mode | Active |
To add the virtual servers to security policies
Add a port2 to port1 security policy that uses the virtual server so that when users on the Internet attempt to connect to the web server’s IP address, packets pass through the FortiGate unit from the wan1 interface to the dmz1 interface. The virtual IP translates the destination address of these packets from the virtual server IP address to the real server IP addresses.
- Go to Policy & Objects > IPv4 Policy.
- Select Create New.
- Configure the HTTP security policy:
Name | Policy name. |
Incoming Interface | port2 |
Outgoing Interface | port1 |
Source | all |
Destination | HTTP_Load_Balance |
Schedule | always |
Service | HTTP |
Action | ACCEPT |
NAT | Select this option and select Use Destination Interface Address. |
- Select other security policy options as required.
- Select OK.
- Select Create New.
- Configure the HTTPS security policy:
Name | Policy name. |
Incoming Interface | port2 |
Outgoing Interface | port1 |
Source | all |
Destination | HTTPS_Load_Balance |
Schedule | always |
Service | HTTPS |
Action | ACCEPT |
NAT | Select this option and select Use Destination Interface Address. |
- Select other security policy options as required.
- Select OK.