Fortinet black logo

Handbook

Global load balancing configuration overview

Global load balancing configuration overview

In a global load balancing deployment, you configure DNS server and global load balancing details only on the global FortiADC instance. The configuration framework enables granular administration and fine tuning of both the DNS server and the global load balancing framework.

Global load balancing configuration summary shows the basic configuration elements for global load balancing and the recommended order for creating the configuration objects. The order is important for initial configurations because complex configuration elements like policies often include references to simple configuration objects like the remote DNS servers (forwarders) or DNS64 rules, but the simple elements must be created first.

Global load balancing configuration summary

Basic steps (DNS server)
  1. Configure address groups to use in your DNS policy matching rules. The system includes the predefined address groups any and none.
  2. Configure remote DNS servers (forwarders) and the DSSET list that you might reference in the zone configuration.
  3. Complete the zone configuration. The global load balancing framework generates the zone configuration for zones that include the FortiADC virtual servers.
  4. Configure DNS64 or response rate limit configurations that you might reference in the DNS policy.
  5. Configure the DNS policy that matches a source/destination tuple to a zone. You can also enable and configure DNSSEC in the DNS policy.
  6. Configure general DNS settings to be applied when DNS requests do not match the DNS policy.
Basic steps (Global load balancing)
  1. Create the data center, servers, virtual server pool, and host configurations that are the framework for associating locations with virtual servers and generating the DNS zone configuration and resource records. You can adjust the dynamic proximity and persistence settings at any time.
  2. Review the generated DNS zone configuration.
  3. Create a policy that matches traffic to the generated zone configuration.

Global load balancing configuration overview

In a global load balancing deployment, you configure DNS server and global load balancing details only on the global FortiADC instance. The configuration framework enables granular administration and fine tuning of both the DNS server and the global load balancing framework.

Global load balancing configuration summary shows the basic configuration elements for global load balancing and the recommended order for creating the configuration objects. The order is important for initial configurations because complex configuration elements like policies often include references to simple configuration objects like the remote DNS servers (forwarders) or DNS64 rules, but the simple elements must be created first.

Global load balancing configuration summary

Basic steps (DNS server)
  1. Configure address groups to use in your DNS policy matching rules. The system includes the predefined address groups any and none.
  2. Configure remote DNS servers (forwarders) and the DSSET list that you might reference in the zone configuration.
  3. Complete the zone configuration. The global load balancing framework generates the zone configuration for zones that include the FortiADC virtual servers.
  4. Configure DNS64 or response rate limit configurations that you might reference in the DNS policy.
  5. Configure the DNS policy that matches a source/destination tuple to a zone. You can also enable and configure DNSSEC in the DNS policy.
  6. Configure general DNS settings to be applied when DNS requests do not match the DNS policy.
Basic steps (Global load balancing)
  1. Create the data center, servers, virtual server pool, and host configurations that are the framework for associating locations with virtual servers and generating the DNS zone configuration and resource records. You can adjust the dynamic proximity and persistence settings at any time.
  2. Review the generated DNS zone configuration.
  3. Create a policy that matches traffic to the generated zone configuration.