Hi there,
I am configuring FortiWeb on an F5 load balancer, but I am facing an issue: my FortiWeb is using the certificate and the F5 load balancer is also using the certificate. As per FortiWeb, servers in the IP pool must accept the traffic on port 80, but in my scenario the IP in the server pool is the F5 VIP IP address, which accepts the traffic on port 443. Is there any way that FortiWeb can decrypt the incoming packet, do the security stuff, then re-encrypt the traffic and send it to the F5 load balancer? Right now I am facing an SSL error: SSL error, connection reset.
I also want to know if I can add 2 default routes on FortiWeb, as I have two incoming links configured as 2 VIPs in my FortiWeb.
Hi Dan
Yes FWB can decrypt, scan, then re-encrypt.
According to your description, in the server pool rule you probably just need to enable SSL and set port 443.
Regarding the second part (2 default routes), I usually add one single default route (e.g. on port1) and use a policy route to force the traffic outgoing with IP2 to exit from port2, and it works just fine.
On the other hand, just a piece of advice: in most cases I have found that there is no need to add an extra load balancer behind FortiWeb, since FWB performs load balancing for Web traffic just perfectly. Adding LB equipment for no valid reason can be just a waste of money and performance, and also adds complexity for no gain.