Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ZAHIDHASEEB
New Contributor III

Created on ‎12-11-2022 11:56 PM

Fortinet Firewall Support for Postgres Cluster

Environment

PostgresSQL = 15

Patroni = patroni-2.1.4-1.rhel8.x86_64 & patroni-etcd-2.1.4-1.rhel8.x86_64
OS = RHEL = 8.x

Detail

We have a setup of Postgres Cluster with 2 nodes. On top of Postgres Cluster a load balancer (name HAproxy) is also installed. Additionally the Postgres Cluster use Patroni software for HA related activities against Postgres Cluster. Patroni update the HAproxy to let him know who is Active / Leader node of Postgres Cluster thru API. So HAproxy know who is Active node of Postgres Cluster and send traffic to only Active node of Postgres.

 

My Query: Does Fortinet Firewall have support for Postgres Cluster and can we use Fortinet Firewall in place of HAproxy in above mentioned environment  

Labels:
4455
0 Kudos
1 Solution
gfleming
Staff
Staff
In response to ZAHIDHASEEB

Created on ‎01-30-2023 08:46 AM

As mentioned in a previous response to make it work for the intra-interface (i.e. Trust to Trust) you must disable "Preserve Client IP" in the Server Load Balance config and you must enable NAT on the FW Policy.

Cheers,
Graham

View solution in original post

4197
22 REPLIES 22
gfleming
Staff
Staff
In response to ZAHIDHASEEB

Created on ‎01-30-2023 08:46 AM

As mentioned in a previous response to make it work for the intra-interface (i.e. Trust to Trust) you must disable "Preserve Client IP" in the Server Load Balance config and you must enable NAT on the FW Policy.

Cheers,
Graham
4198
ZAHIDHASEEB
New Contributor III

Created on ‎01-30-2023 10:24 PM Edited on ‎01-30-2023 10:28 PM

1- In DMZ to Trust rule, my environment is working when I only select Type is TCP

2-In DMZ to Trust rule, my environment does not work when I select Type is HTTP (either NAT or Preserve Client IP enable or disable)

3- In Trust to Trust rule my environment does not work when I select Type is HTTP or TCP (either NAT or Preserve Client IP enable or disable)

 

Preserve client IP is only available when Type is HTTP

ZAHIDHASEEB_2-1675146330511.png

 

Preserve client IP is not available when Type is TCP so I cant choose Preserve Client IP

ZAHIDHASEEB_3-1675146389350.png

 

 

 

646
0 Kudos
ZAHIDHASEEB
New Contributor III

Created on ‎01-31-2023 06:51 AM

@gfleming Bundle of thanks for your back to back followup on my issue, I am able to complete the activity. Couple of thing I corrected at my side and your suggestions made the environment workable. 

638
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.