Contributor
October 27, 2010
Question

maximal amount of Load Balance rules

Hi to Fortinet community, I'm pretty new to FortiOS and a few last days I've been struggling with setting of Load Balancing over Virtual/Real servers. Scenario is classic, two (or more) webservers in DMZ behind FortiGate 60C in HA (Active-passive mode). Firmware used is v4.0,build5352,101007 (MR2). Everything is OK, until I try to add more than one Virtual IP -> Real server(s) mapping. When I try to add second (or another) rule, web GUI says "unknown error occured". I was curious about this weird message so I tried to add rule in CLI.. And CLI says "Virtual server limit reached!" This is getting me to thoughts like there was a maximal limit of one(?!) Virtual server rule.. I tried to find some info about this issue, but after a few hours..ended here :). Could some of you guys explain to me, what I'm doing wrong? Thank you! Jiri

    8 replies

    ede_pfau
    SuperUser
    October 27, 2010
    Hi, and welcome to the Forums! According to the Maximum Values table for model 60C, there is a maximum of 1 (one) virtual server and 3 (three) real servers per virtual server. Same for 50B, 80C. For 110C=3 virtuals, higher models = 500. Seems that either load balancing is too CPU intensive or this (included for free) feature is saved for the higher models.
    Vic_Wertz
    New Member
    April 12, 2011
    I recently attempted to update my 60B from FortiOS 3, which doesn't have this limitation, and ran into this problem. I'm kind of horrified that this limit was added (and I'm really nonplussed that, as far as I can find, this change wasn't indicated in the update notes anywhere, which led me to hours of frustration before I realized that the Fortigate had silently dropped that part of my configuration). I don't even actually *need* two virtual IPs—I just need to be able to virtualize two different *ports* on the same IP, which I can do under the older OS, but can't figure out how to do on FortiOS 4 on the 60B. Might there be any workarounds available to me?
    Contributor
    October 27, 2010
    Thank you for the reply, even though I can't say you pleased me. OK, I will have to live with this limitation. Err, customer will have to live with this limitation :). Kind regards, Jiri
    ede_pfau
    SuperUser
    April 12, 2011
    At first I thought "tough luck!" but then I spotted that there are 2 load-balancing types of VIP: load-balance and server-load-balance. So I did this in the CLI:
     config firewall vip
         edit "vserver"
             set type load-balance
             set extip 1.2.3.4
             set extintf "wan1"
             set portforward enable
             set mappedip 192.168.234.50
             set extport 8080
             set mappedport 8080
         next
         edit "vserver2"
             set type load-balance
             set extip 1.2.3.4
             set extintf "wan1"
             set portforward enable
             set mappedip 192.168.234.50
             set extport 8081
             set mappedport 8081
         next
     end
    This is a valid configuration. I cannot test this here but maybe you can, and report back if that works for you.
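
A pre-upgrade check in the spirit of this thread, added here as an example (not code from any poster or from Fortinet): it parses the `config firewall vip` section of a saved configuration, counts VIPs by type, and lists the server-load-balance entries beyond a limit you pass in. The sample config is constructed; the `static-nat` default type and the idea that only `server-load-balance` VIPs count toward the limit are assumptions, and the limit of 1 is the 60C figure quoted in the thread.

```python
import re
from collections import Counter
# Constructed sample in the style of a FortiOS backup; not from a real device.
SAMPLE = """\
config firewall vip
    edit "web-vs"
        set type server-load-balance
        set extport 80
        config realservers
            edit 1
                set ip 192.168.234.50
            next
        end
    next
    edit "mail-vs"
        set type server-load-balance
        set extport 25
    next
    edit "vserver"
        set type load-balance
        set extport 8080
    next
end
"""

def parse_vips(text):
    """Map each VIP name in 'config firewall vip' to its top-level settings."""
    vips, name, depth = {}, None, 0      # depth 1 = directly inside the vip table
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):   # nested tables (realservers) raise depth
            depth = depth + 1 if depth else int(line == "config firewall vip")
        elif line == "end" and depth:
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            name = line[5:].strip().strip('"')
            vips[name] = {"type": "static-nat"}   # assumed default when unset
        elif depth == 1 and name and (m := re.match(r"set (\S+) (.+)", line)):
            vips[name][m.group(1)] = m.group(2).strip('"')
    return vips

def check_limit(text, max_virtual_servers):
    """Return (count per VIP type, server-load-balance VIPs beyond the limit)."""
    vips = parse_vips(text)
    counts = Counter(v["type"] for v in vips.values())
    slb = [n for n, v in vips.items() if v["type"] == "server-load-balance"]
    return counts, slb[max_virtual_servers:]   # assumption: only this type counts

if __name__ == "__main__":
    print(check_limit(SAMPLE, max_virtual_servers=1))  # 1 = 60C figure from the thread
```

Running it against a backup taken before a firmware upgrade shows which virtual servers would not fit under the target limit, instead of finding out after they are missing from the running configuration.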
    Vic_Wertz
    New Member
    April 12, 2011
    That sounds promising! I'm not sure when I might be able to afford the downtime to test it just now, though. Might take me a week or more. Do you have any idea what the functional difference (if any) might be between "load-balance" and "server-load-balance"? Also, going through the config files from my brief foray into 4, I noticed the following line under config system fortiguard: set load-balance-servers 1 Is there any chance that just changing that to a 2 would do the trick?
    ede_pfau
    SuperUser
    April 13, 2011
    lmao...seriously, do you think so? no this relates to Fortiguard services only, apparently you can source more than one to improve response time e.g. for web filter rating.
    Vic_Wertz
    New Member
    April 13, 2011
    Makes sense.... (I realize I was being hopeful, but it is, after all, clearly an arbitrary limit, since the hardware is happy to do just what I want it to do under the older OS...)
    ede_pfau
    SuperUser
    April 14, 2011
    I don't totally agree here...the load-balancing feature has been expanded substantially in FortiOS 4 with configurable, reusable monitors, not only using ping but higher application level protocols like HTTP, and more granularity. This takes it to a different level. Now compare this kind of load balancer with standalone units built just for this purpose and you'll see that their prices start where even powerful mid-range Fortigates stop. It wouldn't be wise to make such a feature available unlimited even on the cheapest box of the range (read: $500), would it? But -- Fortigate chose to enable it for 1 virtual server with up to 8 real servers on the entry line FGTs and gradually expand that to 500 virtual servers on higher models. Compared to the choice of just dropping that feature altogether on all Fortigates below a 200B (or such) it's quite a deal. That's for that. In your case it looks like you could get away with the 'simple' l-b VIP I cited. So that would mean you wouldn't have any drawbacks at all. Just give it a try, please.
    FortiRack_Eric
    New Member
    April 14, 2011
    I totally agree with Ede, it's a nice feature to have even on small boxes, the limitations are not quite arbitrary. There is a huge risk to overload a small box with this kind of features. Furthermore you can configure 4 load-balancers on a FG80C although the max value matrix says 1. (4.0 MR2) So bonus for free. Cheers, Eric