I took a dive into Linux to solve the problem of doing routing on Linux. I found that I have to add a route like this on the servers:

    nmcli connection modify "eth0" +ipv4.routes "10.16.2.0/24 10.19.142.139"

The problem is for non-HTTPS traffic. If the client is accessing the real servers over RDP or even HTTPS, but not through the virtual server IP, the reply will be sent to the load balancer, not to the gateway. I did another dive to look into policy routing on Linux. I found that I have to use this to add a routing table:

    nmcli connection modify eth0 ipv4.route-table 10

And this to let packets from a source be routed according to a specific routing table:

    nmcli connection modify eth0 +ipv4.routing-rules "priority 10 from 192.168.1.180 table 10"

I am now trying to find how to use a combination of application and destination to do policy routing. But the problem is when the user is accessing the real server directly. But I may ask them not to do that from this client subnet.
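The rule quoted in the post selects on source address only, which is why a direct RDP reply and a load-balanced HTTPS reply take the same path. The sketch below is an added example, not the poster's code: a simplified model of Linux rule and table lookup. It assumes the static route sits in table 10 and that the main table holds a default route via 192.168.1.1; that gateway and the address 192.168.1.181 are constructed.

```python
import ipaddress

# Simplified model of Linux policy routing: rules are tried in priority order,
# each matching rule does a longest-prefix lookup in its table, and a miss
# falls through to the next rule.
# From the post: rule "priority 10 from 192.168.1.180 table 10" and
# route 10.16.2.0/24 via 10.19.142.139.
# Assumptions: that route is in table 10; main has a constructed default route.
TABLES = {
    10: [("10.16.2.0/24", "10.19.142.139")],
    "main": [("0.0.0.0/0", "192.168.1.1")],  # constructed gateway
}
RULES = [
    (10, "192.168.1.180/32", 10),     # from the post
    (32766, "0.0.0.0/0", "main"),     # kernel default rule for the main table
]

def lookup(table, dst):
    """Longest-prefix match in one table; None when no route covers dst."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in TABLES[table]
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def next_hop(src, dst, sport=None):
    """Return (table, gateway). sport is ignored on purpose: a 'from' rule
    cannot tell an RDP reply (3389) from an HTTPS reply (443)."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(RULES, key=lambda r: r[0]):
        if src in ipaddress.ip_network(selector):
            gw = lookup(table, dst)
            if gw is not None:
                return table, gw
    return None, None

if __name__ == "__main__":
    for src, dst, sport in [
        ("192.168.1.180", "10.16.2.50", 443),    # reply to a load-balanced client
        ("192.168.1.180", "10.16.2.50", 3389),   # reply to a direct RDP session
        ("192.168.1.180", "203.0.113.9", 443),   # no route in table 10, falls through
        ("192.168.1.181", "10.16.2.50", 443),    # other source address, rule 10 skipped
    ]:
        print(src, "->", dst, "sport", sport, "=>", next_hop(src, dst, sport))
```
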