Skip to main content
A
Anonymous_User
Contributor
April 15, 2006
Question

Load balancing problem

  • April 15, 2006
  • 2 replies
  • 4237 views
Hi everybody I have problem with Fortinet 300A which has placed in front-end firewall on back-to-back scenario. I want to Load share and load balance two Internet Connection from two different ISPs. The Port-6 is connected to back-end firewall ,port-2 is connected to ISP1 and Port-3 is connected to ISP2 I defined two Static routes (0.0.0.0/0.0.0.0) with the same distance to each Port-2 and Port-3 I have Access policy that allow Internal connection to External connection and defined Server Ping to both ISPs I dont' t have any Policy Route Fault tolerance is correct,it means whenever I unplug one connection, alternate route is used but load balancing doesn' t work this means that forigate uses only its port-2 to route packets in normal time please help me Thanks in Advanced

    2 replies

    UkWizard
    UkWizard
    New Member
    April 15, 2006
    Fortinets do not ' load balance' as such, you may have been misled by the sales jargon. Basically, it cannot load-balance, instead, what you can do is tell traffic (using the policy routing) to use particular connections. So you can specify certain matched traffic (which can be matched on any of source ip/dest ip/service) to use what connection you want. So, for example, you could say, if traffic is http traffic, use the backup link. or, if you have multiple internal subnets, you could say internal lan 1 uses the backup link. Therefore the fortinets " load share" NOT " load balance" . See this doc for the official description; [link]http://kc.forticare.com/default.asp?id=376&SID=&Lang=1[/link] Its a shame, but i believe its under development.
    A
    Anonymous_UserAuthor
    Contributor
    April 16, 2006
    Thank you so much UkWizard So Fortigate can' t Load Balance per session or per packets (like Cisco Routers) Let me ask another question, Do you know how could I configure ' ping server(like fortinet)' on Cisco devices?
    A
    Anonymous_UserAuthor
    Contributor
    April 24, 2006
    As someone already stated, you can' t do real load balancing. In an HA cluster, AV traffic is the only thing that is load balanced. There is a command " load balance all" But, it does not work in our scenario. I guess you could try it and see if it works by viewing sessions after that. But,I think there are major issues with this part of the FortiOS. They are reportedly going to be fixed in 2.8 MR12. I' m still waiting for that same fix.
    Terms & ConditionsAccessibility statement