welnaggar
Staff
Article Id 192262
Description
This article describes how to configure server load balancing in active-standby mode and monitor it using the health check tool.

The following high level diagram illustrates the scenario:


Solution
FortiOS supports server load balancing in active-standby mode.
This feature provides redundancy between real servers: if the active server goes down for any reason, the standby server takes over.

The load balancing health monitor is a powerful tool that monitors the health of real servers: it determines whether a real server is responsive before traffic is forwarded to it. One health check is sent per interval using the specified protocol, port and HTTP-GET, where applicable to the protocol. If the server does not respond during the timeout period, the health check fails and, if retries are configured, another health check is performed. If all health checks fail, the server is deemed unavailable, and another real server is selected to receive the traffic according to the selected load balancing algorithm.

Here is an example of a server load balancing health monitor:

    # config firewall ldb-monitor
        edit "http-monitor"
            set type http
            set port 13240
            set http-get "/http_status"
            set http-match "OK"
        next
    end

The active/standby servers can be configured as follows:

    # config firewall vip
        edit "Load-balance"
            set type server-load-balance
            set extip 192.168.37.4
            set extintf "any"
            set server-type tcp
            set monitor "http-monitor"
            set ldb-method least-session
            set extport 3330
            config realservers
                edit 1
                    set ip 10.31.101.42
                    set port 3330
                    set status active
                    set holddown-interval 300
                next
                edit 2
                    set ip 10.31.101.43
                    set port 3330
                    set status standby
                    set holddown-interval 300
                next
            end
        next
    end

In active-standby mode, if the primary server goes down, FortiOS will not forward any traffic to it for 5 minutes, based on the default holddown-interval value.
This value prevents flapping issues (when a server goes up and down frequently).
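
To check from an admin host that a real server would pass the "http-monitor" probe, the sketch below reproduces the check described above (GET /http_status on port 13240, look for "OK", retry before declaring the server unavailable) together with the active-standby choice. It is an added example, not Fortinet code: the substring match on the response body, the 2-second timeout, the 3 retries and all function names are assumptions, and hold-down timing is not modelled.

```python
import http.client

# Constructed copy of the realservers table from the VIP configuration above.
SERVERS = [{"ip": "10.31.101.42", "status": "active"},
           {"ip": "10.31.101.43", "status": "standby"}]

def health_check(host, port=13240, path="/http_status", match="OK", timeout=2.0):
    """One probe: HTTP GET `path`; pass only if a reply arrives within
    `timeout` seconds and its body contains `match` (assumed substring match)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        body = conn.getresponse().read(65536).decode("latin-1")
        return match in body
    except (OSError, http.client.HTTPException):
        return False  # refused, timed out, or not a valid HTTP reply
    finally:
        conn.close()

def server_available(host, retries=3, **probe_args):
    """A server is deemed unavailable only when every attempt fails."""
    return any(health_check(host, **probe_args) for _ in range(retries))

def pick_server(realservers, check=server_available):
    """Active-standby choice: a healthy 'active' server first, otherwise a
    healthy 'standby' one. Hold-down timing is not modelled here."""
    for wanted in ("active", "standby"):
        for rs in realservers:
            if rs["status"] == wanted and check(rs["ip"]):
                return rs["ip"]
    return None

if __name__ == "__main__":
    # Offline demo with a constructed health table: the active server is down.
    down = {"10.31.101.42"}
    print(pick_server(SERVERS, check=lambda ip: ip not in down))
```

Calling pick_server(SERVERS) without the check argument sends real probes to the monitor port of each listed server.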

