Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- maximal amount of Load Balance rules
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 10-27-2010 01:37 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
maximal amount of Load Balance rules
Hi to Fortinet community,
I' m pretty new to FortiOS and a few last days I' ve been struggling with setting of Load Balancing over Virtual/Real servers.
Scenario is classic, two (or more) webservers in DMZ behind FortiGate 60C in HA (Active-passive mode). Firmware used is v4.0,build5352,101007 (MR2).
Everything is OK, until I try to add more than one Virtual IP -> Real server(s) mapping.
When I try to add second (or another) rule, web GUI says " unknown error occured" . I was curious about this weird message so I tried to add rule in CLI..
And CLI says " Virtual server limit reached!"
This is getting me to thoughts like there was a maximal limit of one(?!) Virtual server rule.. I tried to find some info about this issue, but after a few hours..ended here :).
Could some of you guys explain to me, what I' m doing wrong?
Thank you!
Jiri
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
and welcome to the Forums!
According to the Maximum Values table for model 60C, there is a maximum of 1 (one) virtual server and 3 (three) real servers per virtual server.
Same for 50B, 80C. For 110C=3 virtuals, higher models = 500.
Seems that either load balancing is too CPU intensive or this (included for free) feature is saved for the higher models.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I recently attempted to update my 60B from FortiOS 3, which doesn' t have this limitation, and ran into this problem. I' m kind of horrified that this was limit was added (and I' m really nonplussed that, as far as I can find, this change wasn' t indicated in the update notes anywhere, which led me to hours of frustration before I realized that the Fortigate had silently dropped that part of my configuration).
I don' t even actually *need* two virtual IPs—I just need to be able to virtualize two different *ports* on the same IP, which I can do under the older OS, but can' t figure out how to do on FortiOS 4 on the 60B.
Might there be any workarounds available to me?
Not applicable
Created on 10-27-2010 03:30 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for reply,
even thought I can' t cay you pleased me.
OK, I will have to live with this limitation. Err, customer will have to live with this limitation :).
Kind regards,
Jiri
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
At first I thought " though luck!" but then I spotted that there are 2 load-balancing types of VIP: load-balance and server-load-balance. So I did this in the CLI:
config firewall vip
edit " vserver"
set type load-balance
set extip 1.2.3.4
set extintf " wan1"
set portforward enable
set mappedip 192.168.234.50
set extport 8080
set mappedport 8080
next
edit " vserver2"
set type load-balance
set extip 1.2.3.4
set extintf " wan1"
set portforward enable
set mappedip 192.168.234.50
set extport 8081
set mappedport 8081
next
end
This is a valid configuration. I cannot test this here but maybe you can, and report back if that works for you.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That sounds promising! I' m not sure when I might be able to afford the downtime to test it just now, though. Might take me a week or more.
Do you have any idea what the functional difference (if any) might be between " load-balance" and " server-load-balance" ?
Also, going through the config files from my brief foray into 4, I noticed the following line under config system fortiguard:
set load-balance-servers 1
Is there any chance that just changing that to a 2 would do the trick?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lmao...seriously, do you think so?
no this relates to Fortiguard services only, apparently you can source more than one to improve response time e.g. for web filter rating.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Makes sense....
(I realize I was being hopeful, but it is, after all, clearly an arbitrary limit, since the hardware is happy to do just want i want it to do under the older OS...)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don' t totally agree here...the load-balancing feature has been expanded substantially in FortiOS 4 with configurable, reuseable monitors, not only using ping but higher application level protocols like HTTP, and more granularity. This takes it to a different level. Now compare this kind of load balancer with standalone units built just for this purpose and you' ll see that their prices start where even powerful mid-range Fortigates stop. It wouldn' t be wise to make such a feature available unlimited even on the cheapest box of the range (read: $500), would it?
But -- Fortigate chose to enable it for 1 virtual server with up to 8 real servers on the entry line FGT' s and gradually expand that to 500 virtual servers on higher models. Compared to the choice of just dropping that feature alltogether on all Fortigates below a 200B (or such) it' s quite a deal.
That' s for that. In your case it looks like you could get away with the ' simple' l-b VIP I cited. So that would mean you wouldn' t have any drawbacks at all. Just give it a try, please.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I totally agree with Ede, it' s a nice feature to have even on small boxes, the limitation are not quite arbitrary. There is a huge risk to overload a small box with this kind of features.
Furthermore you can configure 4 load-balancers on a FG80C although the max value matrix says 1. (4.0 MR2)
So bonus for free.
Cheers, Eric
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,742 -
FortiClient
1,775 -
5.2
801 -
FortiManager
736 -
5.4
639 -
FortiAnalyzer
563 -
FortiSwitch
476 -
FortiAP
474 -
FortiClient EMS
436 -
6.0
416 -
5.6
362 -
FortiMail
320 -
6.2
251 -
SSL-VPN
248 -
FortiAuthenticator v5.5
234 -
IPsec
212 -
FortiWeb
206 -
5.0
196 -
FortiNAC
190 -
FortiGuard
139 -
6.4
128 -
SD-WAN
117 -
FortiAuthenticator
105 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
98 -
FortiToken
92 -
Firewall policy
84 -
Customer Service
80 -
Wireless Controller
80 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
vlan
53 -
FortiEDR
52 -
ZTNA
49 -
Routing
47 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
44 -
FortiDNS
42 -
LDAP
42 -
BGP
40 -
Authentication
39 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
FortiConnect
30 -
VDOM
30 -
FortiLink
29 -
FortiWAN
27 -
Application control
27 -
Web profile
27 -
FortiConverter
25 -
Logging
25 -
Virtual IP
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiGate-VM
18 -
FortiMonitor
18 -
Traffic shaping
17 -
SSID
16 -
WAN optimization
16 -
FortiDDoS
15 -
FortiSoar
15 -
OSPF
15 -
Automation
15 -
FortiGate v5.0
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
Admin
13 -
FortiCASB
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
Proxy policy
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Web rating
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1733 | |
| 1106 | |
| 752 | |
| 447 | |
| 240 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.