FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
cpagare
Staff
Staff
Description
This article describes how to configure virtual server.

Solution
1) Go to System -> Feature Visibility and enable 'Load Balance'.





2) Go to Policy & Objects -> Virtual Servers and select 'Create New'.
Virtual server IP is external IP. Real server is internal IP address for load balance purpose.




3) Go to Policy & Objects -> Firewall Policy and select 'Create New'.
Remember to change the inspection mode to 'proxy-based', if not, it is not possible to find the 'object virtual_server' in the policy

Now the virtual server will be working with load balance to internal server.




From CLI.

1) Enable Load Balance.
# config system settings
    set gui-load-balance enable
end
2) To create a virtual server:
# config firewall vip
    edit "Vserver"
        set type server-load-balance
        set extip 172.20.120.121
        set extintf "any"
        set server-type http
        set monitor ""
        set ldb-method round-robin
        set persistence http-cookie
        set extport 8080
        # config realservers
            edit 1
                set type ip
                set ip 10.31.101.30
                set port 80
            next
        end
3) Add the virtual server to a policy as the destination address:
# config firewall policy
    edit 2
        set name "Virtual_Server"
        set inspection-mode proxy
        set srcintf "wan"
        set dstintf "LAN"
        set srcaddr "all"
        set dstaddr "Vserver"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"
        set fsso disable
        set nat enable
    next
end
Related document.

Related Articles

Technical Tip: Round-robin virtual server load balancing method

Technical Tip: Configuring Virtual server with two real servers when central NAT is enabled

Technical Tip: Configure virtual server

Contributors