FortiGate
mmanrique
Staff
Article Id 373739
Description

This article describes how to configure a virtual server when one or more real servers are at the remote site of an IPsec tunnel.

Scope

FortiGate.
Solution

The general virtual server configuration for load balancing is covered in: Technical Tip: Configure a virtual server.

However, if one or more of the real servers are at a remote location reached through an IPsec tunnel, a source IP address must be specified in the health check configuration so that the health check traffic is allowed in the tunnel.

This configuration is only available through the CLI:

config firewall ldb-monitor
    edit "Test"
        set type ping
        set interval 10
        set timeout 2
        set retry 3
        set port 0
        set src-ip 0.0.0.0   <- Use this command to specify the IP address of the local interface configured in the IPsec phase2 SA.
    next
end
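
An added example, not part of the original article or any Fortinet tooling: a Python check over a constructed configuration excerpt that confirms the monitor's src-ip and a real server address fall inside the same phase 2 selector pair. The object names, addresses and helper functions are assumptions for illustration; the check assumes subnet-type selectors and pairs src-subnet and dst-subnet lines in order.

```python
import ipaddress
import re

# Constructed sample: names and addresses are illustrative, not from the article.
SAMPLE_CONFIG = """\
config vpn ipsec phase2-interface
    edit "to-remote-p2"
        set phase1name "to-remote"
        set src-subnet 10.1.1.0 255.255.255.0
        set dst-subnet 10.2.2.0 255.255.255.0
    next
end
config firewall ldb-monitor
    edit "Test"
        set type ping
        set src-ip 10.1.1.1
    next
end
"""

def section_values(config, section, key):
    """Arguments of each `set <key> ...` line in a top-level `config <section>` block."""
    block = re.search(rf"^config {re.escape(section)}\n(.*?)^end$", config, re.S | re.M)
    if not block:
        return []
    return [v.split() for v in re.findall(rf"^\s*set {re.escape(key)} (.+)$", block.group(1), re.M)]

def check_monitor_source(config, real_server_ip):
    """Return a list of problems; empty means the probe fits a phase 2 selector."""
    p2 = "vpn ipsec phase2-interface"
    # Assumption: every phase 2 entry carries both subnet lines, so order pairs them.
    selectors = [(ipaddress.ip_network("/".join(s)), ipaddress.ip_network("/".join(d)))
                 for s, d in zip(section_values(config, p2, "src-subnet"),
                                 section_values(config, p2, "dst-subnet"))]
    server = ipaddress.ip_address(real_server_ip)
    problems = []
    # If no src-ip line is present at all, treat it as the unset value 0.0.0.0.
    for (src,) in section_values(config, "firewall ldb-monitor", "src-ip") or [["0.0.0.0"]]:
        probe = ipaddress.ip_address(src)
        if probe.is_unspecified:
            problems.append("src-ip is 0.0.0.0: probe source not set")
        elif not any(probe in loc and server in rem for loc, rem in selectors):
            problems.append(f"{src} -> {real_server_ip} matches no phase 2 selector")
    return problems

if __name__ == "__main__":
    print(check_monitor_source(SAMPLE_CONFIG, "10.2.2.10") or "probe source fits the tunnel selectors")
```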

Comments
JorgeMonroyPad
Staff & Editor

Great job @mmanrique!!!