Hi,
the Fortigate has the vip type "server-load-balance" for a while and some features eg https offloading and cookie persitence looked promising, but there was a bug in the cookie handling that spoiled it all.
Since FOS 6.4 this is fixed and we use this simple slb for a while without issues. So if you think about replacing a fully blown ADC (F5,A10,FortiADC) with this feature, the following might be interesting for you.
Features
Limitations
Missing
Advanced ADC features like
I like this feature because we didn't need a different dedicated box with individual handling, training, contracts and all. My hope: more admins use it and someone at FTN finds time to improve at least the dashboard limitation. Why did they make a dashboard that is static???
Regards,
Dirk
Created on 05-10-2022 10:00 AM Edited on 05-17-2022 08:25 AM
Hello @Anonymous ,
yes I'll need help - I don't know where/how to create an article.
Regards,
Dirk
Hello all,
please note that at time of writing this, http-multiplex must be unset! Otherwise some clients will have connectivity issues in case of a realserver going down, because rebalancing of sessions with existing cookies will not work.
Regards,
Dirk
Hey Dirk,
at the moment, (KB) articles can only be created by Staff, not other community members.
I'm not sure if this will change, but I will reach out to the dedicated community team regarding your thread to see what can be done :).
Again, thanks for compiling the information in such an easily accessible format!
Hi Dirk,
The SNAT is not limited to interface IP, we can have IP-Pools for SNAT.
best regards,
Jin
The realtime health monitor is available in the dashboard with healthcheck status. A sample below,
best regards,
Jin
Dear Dirk,
You mentioned "Event logging can't show VIP or real server. Works with FAZ though"
But I think whatever generated on FortiGate is only viewable in FAZ. Is there any sample log you can provide which you didnt see on FortiGate but on FAZ(RAW log please and no csv, please).
Best regards,
Jin
Hello @jintrah_FTNT ,
ok, to put it more clearly: there is no column for VIP, so you can not filter on it.
It is possible to check every log lines details to find the VIP.
But ist is not the same as with FAZ, where you can see the VIP as a column and filter on it.
Regards,
Dirk
Created on 05-18-2022 02:00 AM Edited on 05-18-2022 02:03 AM
Hi Dirk,
Thanks to make it clear about the search fields/column options in FAZ, rather misunderstanding for logs being unavailable on FortiGate.
Best regards,
Jin
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.