Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
fquerzo_FTNT
Staff
Staff

Created on ‎10-26-2021 08:07 AM Edited on ‎07-23-2024 09:42 PM By Community Manager

Article Id 191596

Technical Tip: How to perform the WAD source affinity exempt for specific source address

Description


This article shows how to perform the WAD source affinity exempt for specific source address.

 

Scope

 

FortiGate.


Solution

 

When wad-source-affinity is enabled, the WAD traffic dispatcher allows incoming traffic to be directly distributed among the WAD workers. 
 
config system global
    set wad-source-affinity enable
end
 
When users are behind NAT device then the traffic from the NATed source IP would be forwarded to only one WAD worker and can load that WAD worker. This can also happen when there are high number of sessions received from few sources.
 
It is also possible to use the below commands to exempt these source addresses from proxy affinity, which allows traffic from the same source and different server to be distributed to WAD workers in a round-robin configuration.
 
config web-proxy global
set src-affinity-exempt-addr <IPv4 address> ...
set src-affinity-exempt-addr6 <Pv6 address> ...
end

Note : These commands are valid for FortiProxy. Tested and verified on the LAB.
Labels:
1697
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.