Created on 01-30-2023 09:59 PM
Edited on 01-31-2023 02:29 AM
By Jean-Philippe_P
Description |
This article describes how to load balance TCP sessions between real servers (a real server can be a web server, a mail server, etc.), how to get details of the real servers, and how to perform basic troubleshooting using some debugging commands.
Load balancing on FortiGate supports HTTP, HTTPS, IMAPS, POP3S, SMTPS, SSL/TLS, and generic TCP/UDP and IP protocols. |
Scope | FortiGate. |
Solution |
In the virtual server config, when the server type is set to TCP, TCP sessions are load balanced between the real servers (set server-type tcp).
- Configure the health check via CLI as follows or via GUI under Policy & Objects -> Health Check -> Create New:
# config firewall ldb-monitor
- Configure a virtual server via CLI as follows or via GUI under Policy & Objects -> Virtual Servers -> Create New:
Spoke1 # config firewall vip
- Configure a firewall policy via CLI as follows or via GUI under Policy & Objects -> Firewall Policy -> Create New:
Spoke1 # config firewall policy
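An illustrative end-to-end configuration for the three steps above, added here as an example and not taken from the original article: a ping health check, a TCP load-balance virtual server, and the policy that admits traffic to it. The monitor name, interface names, port, and IP addresses are assumptions; only the virtual server name tcp-server appears in the article.

```fortios
# Added example. Lines starting with "#" are reader annotations, not CLI input.
# Assumed values (not from the article): monitor "ping-mon", interfaces
# "wan1"/"internal", port 8080, external IP 203.0.113.10 (documentation range),
# real servers 10.0.1.10 and 10.0.1.11 (private range).

# Step 1: health check. ICMP type matches the "icmp" sniffer filter used later.
config firewall ldb-monitor
    edit "ping-mon"
        set type ping
        set interval 10
        set timeout 2
        set retry 3
    next
end

# Step 2: virtual server. server-type tcp load balances plain TCP sessions.
config firewall vip
    edit "tcp-server"
        set type server-load-balance
        set extip 203.0.113.10
        set extintf "wan1"
        set server-type tcp
        set ldb-method round-robin
        set extport 8080
        set monitor "ping-mon"
        config realservers
            edit 1
                set ip 10.0.1.10
                set port 8080
            next
            edit 2
                set ip 10.0.1.11
                set port 8080
            next
        end
    next
end

# Step 3: policy. The virtual server is the destination address; traffic is logged.
config firewall policy
    edit 0
        set name "to-tcp-server"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "tcp-server"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```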
1) The command # di firewall vip realserver list shows:
- IP of the virtual server.
- Number of total real servers.
- Number of alive real servers.
Spoke1 # di firewall vip realserver list
2) The command # di firewall vip realserver healthcheck stats tracks statistics of the configured health check and also shows:
Spoke1 # vip: tcp-server Real server status: VIP=tcp-server
3) To troubleshoot the health check of the real servers, use the sniffer below to check the flow of the health check traffic:
# di sniffer packet any "host <real server IP> and icmp" 4 0 l
Note: If the output of the above sniffer and flow debugging commands does not help to identify the root cause of the issue, collect the outputs and attach the logs to the TAC support ticket.
|