Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ppardeshi
Staff
Staff

Created on ‎06-24-2023 09:44 AM Edited on ‎06-26-2023 02:42 AM By Moderator

Article Id 261559

Technical Tip: Virtual Server Load Balancer's behavior when using IP based load-balancing on Active-Passive Real servers

Description This article discusses Virtual Server Load Balancer's behavior when using IP-based load-balancing on Active-Passive Real servers.
Scope FortiGate.
Solution The original behavior for a server-load-balance VIP that has both active and standby real servers is if the active server is down and traffic is being forwarded to the standby server and when the active server is re-activated (or comes back up), traffic does not go (move) to the active server immediately because traffic matches an existing firewall session and would still forward traffic to the standby server.
This behavior is changed in and after firmware 7.2.4 and 7.4.0 GA.
The change is that the old firewall session is marked dirty and re-validated after the active server is re-activated.
All the existing sessions pointing to the standby server will be moved over to the original active server after re-validation.
1060
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.