How do virtual servers (5.6) work internally (interface, policy, etc)

Question

Curious if anyone knows how the 5.6 virtual server functionality is really working internally. I'm unable to get the examples in the documentation to work. This:

http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-load-balancing/ldb-basic-example.htm

basically says do the following:

1) Add a ping health check (not sure if that's actually needed to get traffic to flow)

2) Add a virtual server, with interface set to wan1 or what would otherwise be the interface where traffic is being received. Add the IP. Pick service type, ports, etc.

3) Add a real server as part of adding the virtual server.

4) Create a rule permitting traffic from external interface to target interface, source any, destination is the virtual server, port/protocol as appropriate.

This does NOT work. If I instead set the virtual server to have interface any, it does work. I'm not sure if there are consequences of having it set to any. Could this cause the fortigate to be looking for traffic to this VIP on more interfaces than the one I want it on?

oheigl · Answer

In my opinion ANY is the way to go here, we had so many difficulties in the past just because the VIP or LBL was bound to an interface. There are no consequences that I know of. Also it's way more easier to migrate something in the future if the interface is set to any.

But why the LBL doesn't work with an interface set is another question, it should work just fine, there has to be a configuration error in it. But for solving this problem, we would need more details (configuration of LBL, policy, interfaces, real servers, ...)

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded