Internet - Fortigate (NAT) - Load Balancer = LB Cannot Get Real IP
Hello.. I already read all posts about the same problem, but
As the title of this post says, we implemented a load balancer after the Fortigate.
We used NAT on the Fortigate to translate the public IP to a private IP, and then HTTPS is offloaded on the load balancer.
Because of that topology, we cannot get the real IP/client IP address. It just shows the FW IP.
We cannot disable NAT because our servers are using private IPs.
Because of NAT, adding the "x-forwarded-for" header does not work.
We also cannot offload SSL on the FW because that is our load balancer's job.
Is there any solution based on our topology?
You should not use NAT on an incoming (from Internet) policy for precisely the reasons you're describing. The VIP object does the NAT from public IP to private. Enabling NAT on the policy only affects the source, not the destination. So you don't want NAT on the incoming policy. You DO want NAT on the outbound policies.
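
The reply above expressed as a FortiOS CLI sketch. This is an added example, not configuration posted by either participant. The interface names, addresses, policy ID and object names are constructed placeholders (documentation address ranges). The VIP performs the public-to-private destination translation, and the inbound policy leaves source NAT off so the load balancer sees the client's address instead of the firewall's. The setup described in the question corresponds to `set nat enable` on this policy.

```fortios
config firewall vip
    edit "vip-lb-https"
        set comment "constructed example: public 203.0.113.10:443 to LB 10.0.0.10:443"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "10.0.0.10"
        set portforward enable
        set extport 443
        set mappedport 443
    next
end
config firewall policy
    edit 10
        set name "inbound-https-to-lb"
        set comments "constructed example: VIP does DNAT, no source NAT on inbound"
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "vip-lb-https"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat disable
    next
end
```

With source NAT off, the load balancer replies to public client addresses, so its return route (typically its default gateway) has to point back through the FortiGate. Once the load balancer sees the real source address, it can pass it to the backend servers in `X-Forwarded-For` after terminating TLS.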
