Hi All,
I'm wondering if anybody ever used Fortigate's virtual servers load balance feature to balance internal traffic.
Fortinet's kb shows it as something to be used to load balance external requests to internal server, though what I'm trying to do is to set up a virtual server to load balance all the internal LDAP/DNS requests coming from different vlans to our 3 domain controller servers.
I apparently set this configuration up succesfully but after a few minutes I had to turn it off since the domain controllers started degrading their performance (might have the health check made them do this?). When the virtual server/load balancer was turned off the DCs performance got immediately better again.
Wonder if it's good practice to use the load balancer for LAN traffic and if I did something wrong in setting it up.
Thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
@dclabs
Can you send a part of config file here?
Note: Remember to remove real data from config and replace them with some different data (IP, Names etc)
Unfortunately I had to delete the Virtual Server because it was causing the DCs performance to lower heavily, so no configuration available.
Hi @dclabs,
It should work internally and it depends on your configuration. Which Load balancing method and Health Check Type are you using? You can try to increase health check interval.
Regards,
I used the First Alive balancing method with both hosts being active.
I made a custom health check that would send the hosts a ping every 5 seconds and would fail over after 2 fails.
First Alive: Directs sessions to the first live real server. This load balancing schedule provides real server failover protection by sending all sessions to the first live real server. If a real server fails, all sessions are sent to the next live real server. Sessions are not distributed to all real servers so all sessions are processed by the first real server only.
Please refer to the admin guide for more details about load balancing method. https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/713497/virtual-server-load-b...
Regards,
I did refer to the admin guide, though I don't understand why when all clients and server on the plan send their ldap request directly to the DCs there is no problem, then when I set up a virtual server that load balance to the two DCs (even if no host has its requests routed through the virtual server yet) their performance degrades until I delete the virtual server.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.