I'm trying to follow the solution here: https://community.fortinet.com/t5/Support-Forum/Fortigate-Virtual-IP-One-public-IP-for-two-internal-...
When I change load balancing method to HTTP Host and hit OK, it just reverts back to static. No errors. It removes the http host field from all Real Servers as well.
Fortigate 200D v6.05
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The Fortigate has to be in "Proxy mode" to allow "http-host" as a load balancing method. I have confirmed this fix.
What version of FortiOS?
As mentioned in my post, 6.05
Hello,
You may consider to configure in CLI and check whether the issue persists. Moreover, you may consider to upgrade to newer version of FortiOS in 6.0 FortiOS branch.
Created on 02-10-2023 07:46 AM Edited on 02-10-2023 07:47 AM
I cannot upgrade this device without renewing the support contract. I have in the budget for later in the year a new device.
Hey FusionScott,
have you tried via CLI? If this is a GUI-only issue, then CLI should work. If this is a deeper issue, CLI might throw up additional error messages.
CLI commands should be this roughly:
#config firewall vip
#edit <virtual-server>
#set lbd-method http-host
#config realservers
#edit 1
#set http-host <host>
#end
#end
Connected
FG200D3916818052 # config firewall vip
FG200D3916818052 (vip) # edit test
FG200D3916818052 (test) # set lbd-method http-host
command parse error before 'lbd-method'
Command fail. Return code -61
FG200D3916818052 (test) #
@FusionScott wrote:
Connected
FG200D3916818052 # config firewall vip
FG200D3916818052 (vip) # edit test
FG200D3916818052 (test) # set lbd-method http-host
command parse error before 'lbd-method'
Command fail. Return code -61
FG200D3916818052 (test) #
Hi,
you need specify which type of balancing before pick the method
config firewall vip
edit test
set type server-load-balance
set server type http
set lbd-method http-host
......
and continue as Debbie suggested above
regards
/ Abel
Created on 02-10-2023 08:05 AM Edited on 02-10-2023 08:08 AM
Looks like it's "server-type" not "server type", but even then I still get the error on "lbd-method". I also tried "ibd-method" in case that is a capitol I...
Connected
FG200D3916818052 # config firewall vip
FG200D3916818052 (vip) # edit test
FG200D3916818052 (test) # set type server-load-balance
FG200D3916818052 (test) # set server type http
command parse error before 'type'
Command fail. Return code -61
FG200D3916818052 (test) # set servertype http
command parse error before 'servertype'
Command fail. Return code -61
FG200D3916818052 (test) # set server-type http
FG200D3916818052 (test) # set lbd-method http-host
command parse error before 'lbd-method'
Command fail. Return code -61
FG200D3916818052 (test) # set ibd-method http-host
command parse error before 'ibd-method'
Command fail. Return code -61
FG200D3916818052 (test) #
Hi,
maybe you need play with CLI a bit; everything is documented under 6.0 CLI guide in docs.fortinet.com.
It seems a typo error, is 'ldb-method' and not 'lbd-..."
Use '?' in each command instance, and you'll can see which options are available.
I mean:
config firewall vip
edit test
set type server-load-balance
set server-type http
set ?
and you'll see:
# set |
id Custom defined ID. |
uuid Universally Unique Identifier (UUID; automatically assigned but can be manually reset). |
comment Comment. |
type Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. |
ldb-method Method used to distribute sessions to real servers. |
src-filter Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. |
extip IP address or address range on the external interface that you want to map to an address or address range on the destination network. |
*extintf Interface connected to the source network that receives the packets that will be forwarded to the destination network. |
arp-reply Enable to respond to ARP requests for this virtual IP address. Enabled by default. |
*server-type Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). |
persistence Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. |
nat-source-vip Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. |
*extport Incoming port number range that you want to map to a port number range on the destination network. |
gratuitous-arp-interval Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable. |
srcintf-filter Interfaces to which the VIP applies. Separate the names with spaces. |
http-multiplex Enable/disable HTTP multiplexing. |
http-ip-header For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. |
monitor Name of the health check monitor to use when polling to determine a virtual server's connectivity status. |
max-embryonic-connections Maximum number of incomplete connections. |
color Color of icon on the GUI. |
The options beginning with '*' are mandatories Hope it helps
|
regards
/ Abel
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1536 | |
1029 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.