Hello all,
I am looking for a lab set up to test server load balancing. The http will be terminated on the firewall to redirect to https, so inside real servers will only have 443 port listening on. The member servers of each such VIP/Virtual Server will use round robin load distribution. Can I use ICMP plus TCP connect at 443 for health monitoring so that I can cover for both web service failing as well as server itself going down? I don't have the equipment yet to play with, so hoping someone with this type of typical set up in production can advise.
SSL certs will remain on the servers and will not be exported/installed on the firewall. There is a https health monitoring I see in a screenshot in the documentation, but no details shown/provided as to how and what all is available under https monitoring. I believe it will be trying to connect to a certain page on server. If someone can advise how this https page check will work in presence of a certificate (self signed in my case of lab) or if I should simply stick with ping plus tcp 443 connect, that will be much appreciated.
Thanks
I was able to download a VM of FortiGate and install it to validate what options are available.
I was able to confirm that I can create ping and https connect health checks and then under Virtual server section, where I need to specify the VIP, it did allow me to add multiple health checks. So at least that part is confirmed. I will still like to know if certificates has any roles to play in the https connect.
Another thing to confirm is that tcp connect if set to use port 443 is the same as https connect option for health check.
Thanks
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.