Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
arnaudnpago
New Contributor

Created on ‎03-24-2023 05:41 AM

Fortigate Load balancing doesn't work.

Hello to all,

I've configured a load balancing between 2 interfaces, by setting one to 62% and the other to 38% of the internet trafic. But it does not seem to work well, indeed I notice that the traffic is not shared as configured above.
I use a Fortigate 200D, Firmware version: v5.4.1, build1064 (GA).
I would like to know how to fix this problem please.

Your help will be very appreciated.

Knowledge is Power...
Knowledge is Power...
Labels:
2394
0 Kudos
1 Solution
gfleming
Staff
Staff
In response to arnaudnpago

Created on ‎03-28-2023 09:42 AM

It is volume based. But as I mentioned it's not possible to absolutely get it 100% accurate because of the way traffic flows work. The FGT will do its best but it won't always be perfect. If you have hundreds of sessions it will get closer to the approximation of what you've specified in the config. If you only have a handful of sessions it won't be as easy to match the ratio.

Cheers,
Graham

View solution in original post

2307
6 REPLIES 6
gfleming
Staff
Staff

Created on ‎03-24-2023 02:00 PM

What are the capacities of the two links today?

 

And please share the metrics you are using the measure the effecivejness of the load balancing. How are you confirming this is not working?

Cheers,
Graham
2378
0 Kudos
arnaudnpago
New Contributor
In response to gfleming

Created on ‎03-27-2023 05:00 AM

Hello,
Sorry for the delay of my answer. 

- I've two interfaces named: Wan2 (that carries an internet bandwith of 16M) and port15 (that carries 10M)

- Based on the information above, I set the load balancing as the image below shows: 

 

9.JPG

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

- Below is the result of the bandwidth consumption per interface:

8.JPG

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The image shows us that the percentages are not effective in the result.

Knowledge is Power...
Knowledge is Power...
2325
0 Kudos
gfleming
Staff
Staff
In response to arnaudnpago

Created on ‎03-27-2023 10:44 AM

OK so you have to consider something here. The load balancer is balancing sessions, not packets. So it will do its best to maintain a given ratio as you specify. However if you have a small number or sessions with a high bandwidth utilization it will skew the ratio a bit.

 

The balancing is working if you look at your graph. i.e. both links are saturated between 12:00-12:15.

 

The firewall is doing its best to push sessions on to the appropriate link based on utilization ratios.

Cheers,
Graham
2319
0 Kudos
arnaudnpago
New Contributor
In response to gfleming

Created on ‎03-28-2023 02:21 AM

Ok well received.
I thought my load balancing Algorithm was volume based (as the image above suggests). 

Thanks

Knowledge is Power...
Knowledge is Power...
2311
0 Kudos
gfleming
Staff
Staff
In response to arnaudnpago

Created on ‎03-28-2023 09:42 AM

It is volume based. But as I mentioned it's not possible to absolutely get it 100% accurate because of the way traffic flows work. The FGT will do its best but it won't always be perfect. If you have hundreds of sessions it will get closer to the approximation of what you've specified in the config. If you only have a handful of sessions it won't be as easy to match the ratio.

Cheers,
Graham
2308
fred
New Contributor II

Created on ‎09-25-2023 09:41 AM

FortiOS 5.4.1 is very very old, you may want to upgrade if possible, and even set up SD-WAN with loadbalancing. It comes in many flavors..

1885
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.