Fortinet black logo

Handbook

Server load balancing configuration overview

Server load balancing configuration overview

The configuration object framework supports the granularity of FortiADC application delivery control rules. You can configure specific options and rules for one particular type of traffic, and different options and rules for another type.

Server load balancing configuration steps shows the configuration objects used in the server load balancing configuration and the order in which you create them.

Basic steps
  1. Configure health check rules and real server SSL profiles.
  2. This step is optional. In many cases, you can use predefined health check rules and predefined real server SSL profiles. If you want to use custom rules, configure them before you configure the pools of real servers.

  3. Configure server pools.
  4. This step is required. Server pools are the backend servers you want to load balance and specify the health checks used to determine server availability.

  5. Configure persistence rules, optional features and policies, profile components, and load balancing methods.
  6. You can skip this step if you want to select from predefined persistence rules, profiles, and methods.

  7. Configure the virtual server.
  8. When you configure a virtual server, you select from predefined and custom configuration objects.

Example workflow

For a members-only HTTPS web server farm, you might have a workflow similar to the following:

  1. Configure security module firewall rules that allow only HTTPS traffic from untrusted subnets to the virtual server.
  2. Import server SSL certificates, configure a local certificate group, and a certificate verification policy.
  3. Configure HTTPS health checks to test the availability of the web servers.
  4. Configure the server pools, referencing the health check configuration object.
  5. Configure authentication:
  • Create a RADIUS or LDAP server configuration.
  • Create user groups.
  • Create an authentication policy.
  • Configure an HTTPS profile, referencing the certificate group and certificate verification policy and setting SSL version and cipher requirements.
  • Configure an application profile and client SSL profile if needed.
  • Configure the virtual server, using a combination of predefined and user-defined configuration objects:
    • Predefined: WAF policy, Persistence, Method
    • User-defined: Authentication Policy, Profile

    Server load balancing configuration steps

    Server load balancing configuration overview

    The configuration object framework supports the granularity of FortiADC application delivery control rules. You can configure specific options and rules for one particular type of traffic, and different options and rules for another type.

    Server load balancing configuration steps shows the configuration objects used in the server load balancing configuration and the order in which you create them.

    Basic steps
    1. Configure health check rules and real server SSL profiles.
    2. This step is optional. In many cases, you can use predefined health check rules and predefined real server SSL profiles. If you want to use custom rules, configure them before you configure the pools of real servers.

    3. Configure server pools.
    4. This step is required. Server pools are the backend servers you want to load balance and specify the health checks used to determine server availability.

    5. Configure persistence rules, optional features and policies, profile components, and load balancing methods.
    6. You can skip this step if you want to select from predefined persistence rules, profiles, and methods.

    7. Configure the virtual server.
    8. When you configure a virtual server, you select from predefined and custom configuration objects.

    Example workflow

    For a members-only HTTPS web server farm, you might have a workflow similar to the following:

    1. Configure security module firewall rules that allow only HTTPS traffic from untrusted subnets to the virtual server.
    2. Import server SSL certificates, configure a local certificate group, and a certificate verification policy.
    3. Configure HTTPS health checks to test the availability of the web servers.
    4. Configure the server pools, referencing the health check configuration object.
    5. Configure authentication:
    • Create a RADIUS or LDAP server configuration.
    • Create user groups.
    • Create an authentication policy.
  • Configure an HTTPS profile, referencing the certificate group and certificate verification policy and setting SSL version and cipher requirements.
  • Configure an application profile and client SSL profile if needed.
  • Configure the virtual server, using a combination of predefined and user-defined configuration objects:
    • Predefined: WAF policy, Persistence, Method
    • User-defined: Authentication Policy, Profile

    Server load balancing configuration steps