Technical Tip: Server load balancing in FortiOS 6.4
Description
This article describes the VIP type 'server-load-balance', how some of its features (for example, HTTPS offloading and cookie persistence) work in FortiOS 6.4, and where this simple server load balancer (SLB) can be used. If replacing a full-blown ADC (F5, A10, FortiADC) with this feature, the following might be of interest.
Scope
FortiGate.
Solution
FortiOS 6.4 Features
- Supported Protocols: HTTPS, generic SSL, HTTP, TCP, UDP and generic IP.
- HTTPS offloading with optional crypto tuning.
- HTTP redirect to HTTPS.
- HSTS and HPKP.
- Secure cookies.
- Simple HTTP header manipulation (via web-proxy profile).
- Usable health checks.
- Automation through the FortiGate's standard REST API.
Limitations
- SNAT is limited to FortiGate's interface IP.
- Event logging cannot show the VIP or real server, although this works with FortiAnalyzer (FAZ).
- LB Monitor Dashboard shows only (static) configured state and not the health status.
- Maximum 16 real servers on 1HU devices.
- Health checks might be redundant if real servers are reused in multiple VIPs.
Missing
Advanced ADC features like:
- Content rewriting.
- Scripting (iRules/aFleX).
- Caching.
- SNI.
