Fortinet black logo

Handbook

Configuring servers

Configuring servers

In the context of the global server load balance configuration, servers are the local SLB (FortiADC instances or third-party servers) to be load balanced. For FortiADC instances, the GLB checks status and synchronizes configuration from the local SLB so that it can learn the set of virtual servers that can be included in the GLB virtual server pool.

Virtual server discovery illustrates configuration discovery. Placement in this list does not include them in the pool. You also must name them explicitly in the virtual server pool configuration.

Virtual server discovery

Before you begin:

  • You must have created the data center configuration objects that are associated with the local SLB.
  • You must have created virtual server configurations on the local FortiADC SLB. In this procedure, the global SLB discovers them.
  • You must have created gateway configuration objects on the local FortiADC SLB if you want to configure a gateway health check. In this procedure, the global SLB discovers them.
  • You must have Read-Write permission for Global Load Balance settings.

After you have created a server configuration object, you can specify it the global load balancing virtual server pool configuration.

To configure servers:
  1. Go to Global Load Balance > Global Object.
  2. Click the Server tab.
  3. Click Create New to display the configuration editor.
  4. Complete the configuration as described in Server configuration.
  5. Use the Discover utility to populate the Member list configuration with virtual server configuration details from the local FortiADC SLB.
  6. Optional. Edit the populated list to select a discovered gateway configuration object if you want the GSLB to perform gateway health checks.
  7. Save the configuration.

Server configuration

Settings Guidelines

Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the virtual server pool configuration.

Note: After you initially save the configuration, you cannot edit the name.

Type

  • FortiADC SLB: A FortiADC instance.
  • Generic Host: A third party ADC or server.
Auth Type
  • None—No password.
  • TCP MD5SIG—With password, but can not be used if NAT is in between the client and server. This is because, when using the TCP MD5SIG authentication in a network with NAT in between, the IP layer is encrypted. So is every packet. Because the IP address will be changed, the encryption check will always fail.
  • Auth Verify—The authentication key is sent to the server after a three-way handshake. The key is encrypted and NAT in between will not affect the authentication.
Password

Enter the password to authenticate key.

Note: This field appears only when TCP MD5SIG or Auth Verify is selected as the authentication type. The password your enter here must match the password configured on the FortiADC appliance in a global sever load-balancing configuration.

Address Type

IPv4 or IPv6.

IP Address

Specify the IP address for the FortiADC management interface. This IP address is used for synchronization and also status checks. If the management interface is unreachable, the virtual servers for that FortiADC are excluded from DNS answers.

Port

5858 by default.

Data Center

Select a data center configuration object. The data center configuration object properties are used to establish the proximity of the servers and the client requests.

Auto-sync

Enable/disable auto-sync from the server. Global load balancing will auto-sync the server member when enabled.

Note: When disabling auto-sync, the server member will be cleared and re-synced.

Health Check Control

If type is Generic Host, enable/disable health checks for the virtual server list. The health check settings at this configuration level are the parent configuration. When you configure the list, you can specify whether to inherit or override the parent configuration.

Note:This option is available only when Generic Host is selected. See Type above. Health checking is built-in, and you can optionally configure a gateway health check.

Health Check Relationship

  • AND—All of the specified health checks must pass for the server to be considered available.
  • OR—One of the specified health checks must pass for the server to be considered available.

Health Check List

Select one or more health check configuration objects.

Member

Discover

Populate the member list with virtual servers from the local FortiADC configuration. After the list had been populated, you can edit the configuration to add a gateway health check.

Override

Select this option if you want to update the discovered virtual server configuration with the latest configuration information whenever you use the Discover utility (for example, additions or changes to previously discovered configurations).

Unselect this option if you want to preserve the previously discovered configuration and not have it overwritten by the Discover operation.

Name

Must match the virtual server configuration name on the local FortiADC.

Address Type

IPv4 or IPv6.

IP Address

Virtual server IP address.

Gateway

Enable an additional health check: is the gateway beyond the FortiADC reachable?

The list of gateway configuration objects is populated by discovery, but you must select the appropriate one from the list.

Health Check Inherit

If type is Generic Host, enable to inherit the health check settings from the parent configuration. Disable to specify health check settings in this member configuration.

Health Check Control

Enable health checking for the virtual server.

Note: This option is available only when Health Check Inherit is disabled. In that case, you can enable this option and configure the Health Check Relationship and Health Check List fields below.

Health Check Relationship

  • AND—All of the specified health checks must pass for the server to be considered available.
  • OR—One of the specified health checks must pass for the server to be considered available.

Health Check List

Specify one or more health check configuration objects.

Configuring servers

In the context of the global server load balance configuration, servers are the local SLB (FortiADC instances or third-party servers) to be load balanced. For FortiADC instances, the GLB checks status and synchronizes configuration from the local SLB so that it can learn the set of virtual servers that can be included in the GLB virtual server pool.

Virtual server discovery illustrates configuration discovery. Placement in this list does not include them in the pool. You also must name them explicitly in the virtual server pool configuration.

Virtual server discovery

Before you begin:

  • You must have created the data center configuration objects that are associated with the local SLB.
  • You must have created virtual server configurations on the local FortiADC SLB. In this procedure, the global SLB discovers them.
  • You must have created gateway configuration objects on the local FortiADC SLB if you want to configure a gateway health check. In this procedure, the global SLB discovers them.
  • You must have Read-Write permission for Global Load Balance settings.

After you have created a server configuration object, you can specify it the global load balancing virtual server pool configuration.

To configure servers:
  1. Go to Global Load Balance > Global Object.
  2. Click the Server tab.
  3. Click Create New to display the configuration editor.
  4. Complete the configuration as described in Server configuration.
  5. Use the Discover utility to populate the Member list configuration with virtual server configuration details from the local FortiADC SLB.
  6. Optional. Edit the populated list to select a discovered gateway configuration object if you want the GSLB to perform gateway health checks.
  7. Save the configuration.

Server configuration

Settings Guidelines

Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the virtual server pool configuration.

Note: After you initially save the configuration, you cannot edit the name.

Type

  • FortiADC SLB: A FortiADC instance.
  • Generic Host: A third party ADC or server.
Auth Type
  • None—No password.
  • TCP MD5SIG—With password, but can not be used if NAT is in between the client and server. This is because, when using the TCP MD5SIG authentication in a network with NAT in between, the IP layer is encrypted. So is every packet. Because the IP address will be changed, the encryption check will always fail.
  • Auth Verify—The authentication key is sent to the server after a three-way handshake. The key is encrypted and NAT in between will not affect the authentication.
Password

Enter the password to authenticate key.

Note: This field appears only when TCP MD5SIG or Auth Verify is selected as the authentication type. The password your enter here must match the password configured on the FortiADC appliance in a global sever load-balancing configuration.

Address Type

IPv4 or IPv6.

IP Address

Specify the IP address for the FortiADC management interface. This IP address is used for synchronization and also status checks. If the management interface is unreachable, the virtual servers for that FortiADC are excluded from DNS answers.

Port

5858 by default.

Data Center

Select a data center configuration object. The data center configuration object properties are used to establish the proximity of the servers and the client requests.

Auto-sync

Enable/disable auto-sync from the server. Global load balancing will auto-sync the server member when enabled.

Note: When disabling auto-sync, the server member will be cleared and re-synced.

Health Check Control

If type is Generic Host, enable/disable health checks for the virtual server list. The health check settings at this configuration level are the parent configuration. When you configure the list, you can specify whether to inherit or override the parent configuration.

Note:This option is available only when Generic Host is selected. See Type above. Health checking is built-in, and you can optionally configure a gateway health check.

Health Check Relationship

  • AND—All of the specified health checks must pass for the server to be considered available.
  • OR—One of the specified health checks must pass for the server to be considered available.

Health Check List

Select one or more health check configuration objects.

Member

Discover

Populate the member list with virtual servers from the local FortiADC configuration. After the list had been populated, you can edit the configuration to add a gateway health check.

Override

Select this option if you want to update the discovered virtual server configuration with the latest configuration information whenever you use the Discover utility (for example, additions or changes to previously discovered configurations).

Unselect this option if you want to preserve the previously discovered configuration and not have it overwritten by the Discover operation.

Name

Must match the virtual server configuration name on the local FortiADC.

Address Type

IPv4 or IPv6.

IP Address

Virtual server IP address.

Gateway

Enable an additional health check: is the gateway beyond the FortiADC reachable?

The list of gateway configuration objects is populated by discovery, but you must select the appropriate one from the list.

Health Check Inherit

If type is Generic Host, enable to inherit the health check settings from the parent configuration. Disable to specify health check settings in this member configuration.

Health Check Control

Enable health checking for the virtual server.

Note: This option is available only when Health Check Inherit is disabled. In that case, you can enable this option and configure the Health Check Relationship and Health Check List fields below.

Health Check Relationship

  • AND—All of the specified health checks must pass for the server to be considered available.
  • OR—One of the specified health checks must pass for the server to be considered available.

Health Check List

Specify one or more health check configuration objects.