Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiADC 6.1.2 CLI Reference
    6.1.2
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    config global-load-balance proximity

    Proximity

    Use this command to configure dynamic proximity. Dynamic proximity is used to order DNS lookup results based on the shortest application response time (RTT) for ICMP or TCP probes sent by the local SLB to the DNS resolver that sent the DNS request.

    The system caches the RTT results for the period specified by the timeout. When there are subsequent requests from clients that have a source IP address within the same network (as specified by the netmask affinity), the RTT is taken from the results table instead of a new, real-time probe. This reduces response time.

    Before you begin:

    • You must have read-write permission for global load balancing settings.

    The settings you configure are applied if the dynamic-proximity RTT option is enabled in the virtual server pool configuration.

    Syntax

    config global-load-balance setting

    set proximity-cache-aging-period <integer>

    set proximity-cache-mask-length <integer>

    set proximity-cache-mask-length6 <integer>

    set proximity-detect-interval <integer>

    set proximity-detect-protocol {icmp|icmp-and-tcp}

    set proximity-detect-retry-count <integer>

    end

    proximity-cache-aging-period

    		 RTT results are cached. This setting specifies the length of time in seconds for which the RTT cache entry is valid. The default is 86400. The valid range is 60-2,592,000 seconds.

    proximity-cache-mask-length

    		 Number of IPv4 netmask bits that define network affinity for the RTT table. The default is 24. For example, if the GLB records an RTT for a client with source IP address 192.168.1.100, the record is stored and applies to all requests from the 192.168.1.0/24 network.

    proximity-cache-mask-length6

    		 Number of IPv6 netmask bits that define network affinity for the RTT table. The default is 64.

    proximity-detect-interval

    		 Interval between retries if the probe fails. The default is 3. The valid range is 1-3600 seconds.

    proximity-detect-protocol
    • icmp
    • icmp-and-tcp

    proximity-detect-retry-count

    		 Retry count if the probe fails. The default is 3. The valid range is 1-10 times.

    Example

    FortiADC-docs # config global-load-balance setting

    FortiADC-docs (setting) # get

    password : *

    proximity-detect-protocol : icmp

    proximity-detect-retry-count : 3

    proximity-cache-mask-length : 24

    proximity-cache-mask-length6 : 64

    proximity-detect-interval : 3

    proximity-cache-aging-period : 86400

    persistence-mask-length : 24

    persistence-mask-length6 : 64

    persistence-timeout : 60

    FortiADC-docs (setting) # set proximity-detect-protocol icmp

    FortiADC-docs (setting) # set proximity-detect-retry-count 2

    FortiADC-docs (setting) # set proximity-cache-mask-length 24

    FortiADC-docs (setting) # set proximity-cache-mask-length6 64

    FortiADC-docs (setting) # set proximity-detect-interval 2

    FortiADC-docs (setting) # set proximity-cache-aging-period 200

    FortiADC-docs (setting) # end

    Previous
    Next

    config global-load-balance proximity

    Proximity

    Use this command to configure dynamic proximity. Dynamic proximity is used to order DNS lookup results based on the shortest application response time (RTT) for ICMP or TCP probes sent by the local SLB to the DNS resolver that sent the DNS request.

    The system caches the RTT results for the period specified by the timeout. When there are subsequent requests from clients that have a source IP address within the same network (as specified by the netmask affinity), the RTT is taken from the results table instead of a new, real-time probe. This reduces response time.

    Before you begin:

    • You must have read-write permission for global load balancing settings.

    The settings you configure are applied if the dynamic-proximity RTT option is enabled in the virtual server pool configuration.

    Syntax

    config global-load-balance setting

    set proximity-cache-aging-period <integer>

    set proximity-cache-mask-length <integer>

    set proximity-cache-mask-length6 <integer>

    set proximity-detect-interval <integer>

    set proximity-detect-protocol {icmp|icmp-and-tcp}

    set proximity-detect-retry-count <integer>

    end

    proximity-cache-aging-period

    		 RTT results are cached. This setting specifies the length of time in seconds for which the RTT cache entry is valid. The default is 86400. The valid range is 60-2,592,000 seconds.

    proximity-cache-mask-length

    		 Number of IPv4 netmask bits that define network affinity for the RTT table. The default is 24. For example, if the GLB records an RTT for a client with source IP address 192.168.1.100, the record is stored and applies to all requests from the 192.168.1.0/24 network.

    proximity-cache-mask-length6

    		 Number of IPv6 netmask bits that define network affinity for the RTT table. The default is 64.

    proximity-detect-interval

    		 Interval between retries if the probe fails. The default is 3. The valid range is 1-3600 seconds.

    proximity-detect-protocol
    • icmp
    • icmp-and-tcp

    proximity-detect-retry-count

    		 Retry count if the probe fails. The default is 3. The valid range is 1-10 times.

    Example

    FortiADC-docs # config global-load-balance setting

    FortiADC-docs (setting) # get

    password : *

    proximity-detect-protocol : icmp

    proximity-detect-retry-count : 3

    proximity-cache-mask-length : 24

    proximity-cache-mask-length6 : 64

    proximity-detect-interval : 3

    proximity-cache-aging-period : 86400

    persistence-mask-length : 24

    persistence-mask-length6 : 64

    persistence-timeout : 60

    FortiADC-docs (setting) # set proximity-detect-protocol icmp

    FortiADC-docs (setting) # set proximity-detect-retry-count 2

    FortiADC-docs (setting) # set proximity-cache-mask-length 24

    FortiADC-docs (setting) # set proximity-cache-mask-length6 64

    FortiADC-docs (setting) # set proximity-detect-interval 2

    FortiADC-docs (setting) # set proximity-cache-aging-period 200

    FortiADC-docs (setting) # end

    Previous
    Next