Posted in Firewall, networking

Server load balancing on Fortigate

   06/02/2020  Leave a comment

One of our customer asked us to provide a redundancy for a PAM solution distributed over 2 locations. The two servers was already in active-active state but only for database synchronization. That’s mean if the first one is dead, you have to connect manually to the second one.
From the practical point of view, users are connecting to a Virtual IP, then the FGT is doing the redirection to the working server behind.
Note that you have to enable the “load balance” feature in GUI unless you want to configure it through CLI.

This is the sample topology I used on my lab :

I used the Server load-balancing feature on fortigate to have redundancy. That’s like a VIP but you can add tests on the real servers behind.
You just have to define the test you want to perform the health check monitoring. In my case, I just want to test if the web page is working :

health server check

Then, you can configure the Virtual server:

Virtual server configuration

The secondary server is only used when the primary is down, but you can configure them to be active/active, so you can load-balance traffic between them.
Don’t forget to add a firewall policy (proxy mode) to allow traffic going through the VS IP.

Troubleshooting steps:
Watch the menu “monitor -> loadbalance monitor” or go through the CLI :

Diag firewall vip realserver list

Source :
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/713497/virtual-server

Avatar photo

Author: Kévin SAS

Hello, I'm Kévin SAS, an experienced Network and Security Engineer based in France. Over the years, I have had the privilege of working with a diverse range of clients, providing expert solutions in areas such as Wireless, LAN, Datacenter, and VoIP. I have hands-on experience with leading brands like Cisco, HPE, Aruba, Palo Alto, and many others. Having previously worked for a reputable service provider, I now find myself in a dynamic role as part of an integrator team, where I continuously expand my knowledge and skills. This blog serves as a repository of technical notes and insights that I am enthusiastic about sharing with fellow professionals and enthusiasts.

Leave a Reply

Your email address will not be published. Required fields are marked *