Internal Clients
For this type of client, you do not need to load balance all of the protocol packets for the CSs. You can load balance only the primary protocol packets; the secondary protocol packets that follow can then be sent directly to the CS without passing through FortiADC.
Figure 2: Load Balancing Internal CS
FortiADC supports multiple Packet Forwarding Methods. In this case, you can select Full NAT, which rewrites both the source and destination IP addresses. You first need to create the NAT Source Pool.
NAT Source Pool
- Go to Server Load Balance > Virtual Server > NAT Source Pool, click the Create New button.
- Fill in the Name, select the Interface that receives responses from the backend server, and set the Address Range. Then click the Save button.
CLI Example:
config load-balance ippool
edit "HORIZION_NAT_POOL"
set interface port2
set ip-min 10.107.10.89
set ip-max 10.107.10.89
config node-member
end
next
end
Virtual Server using TCP profile
- Go to Server Load Balance > Virtual Server > Virtual Server, click the Create New > Advanced Mode button.
- In the Basic settings, fill in the Name, select Full NAT as the Packet Forwarding Method, and select the NAT Source Pool created above.
- In General settings, set the virtual server Address and Port, and select the Interface on which the virtual server will work. Use the default profile LB_PROF_TCP. You can select a Method, which sets the load balancing method. To keep the primary protocol packets from one client on the same CS, select a Persistence. Select the Real Server Pool created above.
- Keep the other fields at their default values, or change them as you need.
The virtual server has now been created, and in your Horizon Client you can add the CS using the virtual server IP address. FortiADC load balances the primary Horizon protocol packets across the available CSs; availability is checked periodically by the Health Check. After the user authenticates successfully, the Horizon Client sends the secondary Horizon protocol packets directly to the CS (selected by FortiADC) without passing through FortiADC.
CLI Example:
config load-balance virtual-server
edit "HORIZON_TCP_VS"
set packet-forwarding-method FullNAT
set interface port3
set ip 10.107.10.86
set port 443
set load-balance-profile LB_PROF_TCP
set load-balance-persistence LB_PERSIS_SRC_ADDR
set load-balance-method LB_METHOD_ROUND_ROBIN
set load-balance-pool HORIZON_CS_POOL
set ippool-list HORIZION_NAT_POOL
set traffic-group default
next
end
Virtual Server using HTTPS profile
You can also use a Layer 7 HTTPS virtual server to load balance Connection Servers.
- Go to Server Load Balance > Virtual Server > Virtual Server, click the Create New > Advanced Mode button.
- In the Basic settings, fill in the Name and select the Type Layer 7. If you need to use SNAT, set the ippool.
- In General settings, set the virtual server Address and Port, and select the Interface on which the virtual server will work. Use the profile LB_PROF_HTTPS and set the Client SSL Profile. You can select a Method, which sets the load balancing method. To keep the primary protocol packets from one client on the same CS, select a Persistence. Select the Real Server Pool created for the Connection Server HTTPS service.
- Keep the other fields at their default values, or change them as you need.
The virtual server has now been created, and in your Horizon Client you can add the CS using the virtual server IP address. FortiADC load balances the primary Horizon protocol packets across the available CSs; availability is checked periodically by the Health Check. After the user authenticates successfully, the Horizon Client sends the secondary Horizon protocol packets directly to the CS (selected by FortiADC) without passing through FortiADC.
CLI Example:
ippool (optional)
config load-balance ippool
edit "HORIZION_NAT_POOL88"
set interface port2
set ip-min 10.107.10.88
set ip-max 10.107.10.88
config node-member
end
next
end
pool
config load-balance pool
edit "HORIZON_CS_POOL443"
set real-server-ssl-profile LB_RS_SSL_PROF_DEFAULT
config pool_member
edit 1
set pool_member_service_port 443
set pool_member_cookie rs1
set real-server CS01
next
edit 2
set pool_member_service_port 443
set pool_member_cookie rs1
set real-server CS02
next
end
next
end
virtual server
config load-balance virtual-server
edit "86"
set type l7-load-balance
set interface port3
set ip 10.107.10.86
set port 443
set load-balance-profile LB_PROF_HTTPS
set client-ssl-profile LB_CLIENT_SSL_PROF_DEFAULT
set load-balance-persistence LB_PERSIS_SRC_ADDR
set load-balance-method LB_METHOD_ROUND_ROBIN
set load-balance-pool HORIZON_CS_POOL443
set ippool-list HORIZION_NAT_POOL88
set traffic-group default
next
end
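Added example (not part of the original guide and not Fortinet code): a small Python check that parses the config / edit / set / next / end syntax shown in the CLI examples above and reports any virtual server whose ippool-list or load-balance-pool names an object that is not defined in the same text. The names SAMPLE, REF_FIELDS, parse and dangling_refs are hypothetical, the sample is constructed from the HTTPS-profile example on this page, and treating ippool-list as a space-separated list is an assumption.

```python
# Constructed input: the HTTPS-profile objects from this page, trimmed to the fields checked.
SAMPLE = """\
config load-balance ippool
edit "HORIZION_NAT_POOL88"
next
end
config load-balance pool
edit "HORIZON_CS_POOL443"
config pool_member
edit 1
set real-server CS01
next
end
next
end
config load-balance virtual-server
edit "86"
set load-balance-pool HORIZON_CS_POOL443
set ippool-list HORIZION_NAT_POOL88
next
end
"""

REF_FIELDS = {"ippool-list": "load-balance ippool", "load-balance-pool": "load-balance pool"}

def parse(text):
    """Return {section: {entry: {key: value}}}; nested config blocks are skipped."""
    objs, stack, entry = {}, [], None
    for tok in (line.split() for line in text.splitlines()):
        if tok == ["end"] and stack:
            stack.pop()
            entry = entry if stack else None  # leaving a top-level section closes its entry
        elif len(tok) < 2:
            continue  # blank line, "next", stray "end", or a malformed line
        elif tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "edit" and len(stack) == 1:
            entry = objs.setdefault(stack[0], {}).setdefault(tok[1].strip('"'), {})
        elif tok[0] == "set" and len(stack) == 1 and entry is not None:
            entry[tok[1]] = " ".join(tok[2:]).strip('"')
    return objs

def dangling_refs(text):
    """List (virtual_server, field, name) for references to objects not defined in text."""
    cfg = parse(text)
    return [(vs, key, ref)
            for vs, fields in cfg.get("load-balance virtual-server", {}).items()
            for key, section in REF_FIELDS.items()
            for ref in fields.get(key, "").split()
            if ref not in cfg.get(section, {})]
```

The pool name on this page is spelled HORIZION in both its definition and its references, so the check passes; correcting the spelling in only one place is the kind of mismatch it reports.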