Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kinmun
New Contributor II

load balancing of smtp servers

i have 2 smtp servers which is load balanced into one single ip single ip address.

we noticed that once we use the VIP for the smtp servers after doing load balancing in the fortigate, we will encounter some issues.

1st issue we saw was that instead of using the pre-assigned external ip address for smtp server, it will show the firewall wan ip address.

2nd issue is some mails will have issue sending out.

does fortigate load balance VIP supports smtp ?

i read the fortiOS handbook, it only talks abt http, there is no mention that smtp will work.

6 REPLIES 6
Christopher_McMullan

There are various levels of persistence and methods of load balancing. You're not tied to just using HTTP traffic.

 

Check the setting of 'nat-source-vip' on the VIP object, and try toggling it:

config firewall vip

edit <vip_name>

get | grep nat-source-vip

set nat-source-vip {enable | disable}

end

Regards, Chris McMullan Fortinet Ottawa

reto_gobat

Hello there

 

Did you solve your problem? Having the same issue here.

If we connect to the Load Balancing Virtual IP, the Firewall responds with it's own Interface IP instead of the client IP. This is a bit of a problem, because we would like to only allow relay from specific IP addresses.

 

Thanks

Carl_Wallmark

reto.gobat wrote:

Hello there

 

Did you solve your problem? Having the same issue here.

If we connect to the Load Balancing Virtual IP, the Firewall responds with it's own Interface IP instead of the client IP. This is a bit of a problem, because we would like to only allow relay from specific IP addresses.

 

Thanks

Hi,

 

I think you have NAT enabled on the firewall of the VIP ? If so, turn it off.

If it´s enabled, you would see the firewalls IP instead, just like you described it.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
reto_gobat

No we have NAT disabled on the VIP and also the FW Policy. But it will still show the IP of the FW Interface.

Alby23

I know it's an old one but... I think that the chance to preserve client IP address is available only with multiplexing if you're load balancing HTTP/HTTPS type (and not the TCP one you have to use in order to balance SMTP session).

MikePruett
Valued Contributor

kinmun were you able to resolve the issue?

Mike Pruett Fortinet GURU | Fortinet Training Videos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors