Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NotMine
Contributor

Created on ‎02-03-2015 05:56 AM

HTTPS server load balancing with FGT-90D

Hello everyone,

 

I'm trying to configure a virtual server of HTTPS type on FGT-90D, but apparently, this model does not support SSL offloading. :(

 

Does anyone have some creative idea on how can I achieve the same effect (FGT to distribute SSL certificate and establish secure connections with clients, load-balancing their requests between two application servers) on the FGT-90D, like illustrated?

 

 

Is there no way to enable SSL offloading on this model? Why does it not support it?

 

Thanks,

Slavko

NSE 7

All oppinions/statements written here are my own.

NSE 7 All oppinions/statements written here are my own.
Labels:
5099
0 Kudos
4 REPLIES 4
emnoc
Esteemed Contributor III

Created on ‎02-03-2015 07:37 AM

There's a post about the exact  same issues and  a FGT60D, I can only suggest a  SLB  device or a opensource linux solution. A FGT90D is a SMB entry level device.

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
1683
0 Kudos
NotMine
Contributor

Created on ‎02-03-2015 11:32 PM

Hi enmon,

 

I know, that is my thread. :) I opened a new one, because I was hoping I'll get some ideas if I broaden the question a little.

 

What bothers me is that FGT-80D supports SSL offloading and the 90D does not. I know that 80D has much less ports, but it is still an SMB device, just like 90D.

 

Anyway, I guess I'll try to find my solution behind the FGT.

 

Thanks!

NSE 7

All oppinions/statements written here are my own.

NSE 7 All oppinions/statements written here are my own.
1683
0 Kudos
Carl_Wallmark
Valued Contributor

Created on ‎02-04-2015 01:05 AM

There is a big difference between the 80D and 90D,

 

The 80D has a real CPU while the 90D is SoC CPU. And at the moment the SoC CPU is way to slow for performing SSL offloading. Maybe that will change with the new SoC v3.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
1683
0 Kudos
emnoc
Esteemed Contributor III

Created on ‎02-04-2015 02:17 AM

ditto

 

Maybe you can ask  fortinet sales to see what they are going to offer in the future, but if you need  SSL_OFF-loading now,  you will need to explore different options. A FGT60D which is a great firewall btw, is NOT up to par for SSL-offloading  or others SLB features that you would expect from a dedicate SLB.

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
1683
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.