Virtual Server Load Balancing Not Working Across VPN Tunnel Between Two Subnets
I have two network segments: 10.100.x.x and 10.200.x.x. I've successfully established a VPN tunnel between these two different subnets using Fortinet FortiGate-60F (SD-WAN). I have configured a virtual server with the following setup:
- Virtual IP: 10.200.0.250
- Mapped to real servers: 10.200.0.102 and 10.100.0.102
- Health check is configured for both servers
Issue: When I shut down the server at 10.200.0.102, the traffic is not being forwarded to 10.100.0.102 as expected. The load balancing/failover mechanism doesn't seem to be working across the VPN tunnel.
Network Topology:
- 10.200.x.x subnet: FortiGate internal IP 10.200.0.254, Server 10.200.0.102
- 10.100.x.x subnet: FortiGate internal IP 10.100.0.254, Server 10.100.0.102
- VPN tunnel: IPSEC connection between the two subnets
- Virtual IP: 10.200.0.250
Questions:
- What could be preventing the traffic from failing over to the cross-subnet server (10.100.0.102)?
- Are there specific firewall policies or routing configurations required for virtual servers to work across VPN tunnels?
- What troubleshooting steps should I take to identify the root cause?
Any guidance or suggestions would be greatly appreciated.
FortiGate Model: FortiGate-60F
FortiOS Version: V7.2.6