Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiADC 6.2.1 CLI Reference
    6.2.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    config global-load-balance servers

    config global-load-balance servers

    Use this command to configure global load balance servers.

    In the context of the global server load balance configuration, servers are the local SLB (FortiADC instances or third-party servers) that are to be load balanced. For FortiADC instances, the GLB checks status and synchronizes configuration from the local SLB so that it can learn the set of virtual servers that are possible to include in the GLB virtual server pool.

    Figure 1 illustrates configuration discovery. You use the execute discovery-glb-virtual-server command to populate the virtual-server-list configuration. Placement in this list does not include them in the pool. You also must name them explicitly in the virtual server pool configuration.

    Figure 1: Virtual server discovery

    Before you begin:

    • You must have created the data center configuration objects that are associated with the local SLB.
    • You must have created virtual server configurations on the local FortiADC SLB so that you can use execute discovery-glb-virtual-server command to discover them.
    • You must have read-write permission for global load balancing settings.

    After you have created a server configuration object, you can specify it the global load balancing virtual server pool configuration.

    Syntax

    config global-load-balance servers

    edit <name>

    set address-type {ipv4|ipv6}

    set auth-key <string>

    set auth-type <non/TCP_MD5SIG/auth_verify>

    set auto-sync <enable/disable>

    set data-center <datasource>

    set ip <class_ip>

    set port <integer>

    set server-type {FortiADC-SLB|Generic-Host}

    set sync-status {enable|disable}

    set health-check-ctrl {enable|disable}

    set health-check-list <datasource> <datasource> ...

    set health-check-relation {AND|OR}

    config virtual-server-list

    edit <name>

    set address-type {ipv4|ipv6}

    set ip <class-ip>

    set gateway <string>

    set health-check-inherit {enable|disable}

    set health-check-ctrl {enable|disable}

    set health-check-list <datasource> <datasource> ...

    set health-check-relation {AND|OR}

    next

    end

    next

    end

    address-type

    IPv4 or IPv6.

    auth-key

    Password of the remote server.

    auth-type

    Remote server authentication type.

    auto-sync

    Automatic synchronization with the remote server, ennable or disable; enabled, the virtual-server-list will synchronize automatically.

    data-center

    Specify a data center configuration object. The data center configuration object properties are used to establish the proximity of the servers and the client requests.

    ip

    Specify the IP address for the FortiADC management interface.

    server-type

    FortiADC-SLB: A FortiADC instance.

    Generic-Host: A third party ADC or server.

    sync-status

    Enable/disable synchronization of the virtual server status from the local FortiADC SLB. Disabled by default. If enabled, synchronization occurs whenever there is a change in virtual server status.

    health-check-ctrl

    If type is Generic Host, enable/disable health checks for the virtual server list. The health check settings at this configuration level are the parent configuration. When you configure the list, you can specify whether to inherit or override the parent configuration.

    If type is FortiADC-SLB, this option is not available. Health checking is built-in, and you can optionally configure a gateway health check.

    health-check-list

    Specify one or more health check configuration objects.

    health-check-relation
    • AND—All of the specified health checks must pass for the server to be considered available.
    • OR—One of the specified health checks must pass for the server to be considered available.

    config virtual-server-list

    When servers are FortiADC servers, use execute discovery-glb-virtual-server to populate the basic virtual-server-list configuration. After it has been populated, you can add a gateway health check. (optional).

    <name>

    		 Must match the virtual server configuration name on the local FortiADC.

    address-type

    IPv4 or IPv6.

    ip

    Virtual server IP address.

    gateway

    Used when server type is FortiADC.

    Specify a gateway to enable an additional health check: is the gateway beyond the FortiADC reachable? Specify a string that matches the configuration name of a link load balancing gateway.

    health-check-inherit

    		 If type is Generic Host, enable to inherit the health check settings from the parent configuration. Disable to specify health check settings in this member configuration.

    health-check-ctrl

    Enable health checking for the virtual server.

    health-check-list

    Specify one or more health check configuration objects.

    health-check-relation
    • AND—All of the selected health checks must pass for the server to the considered available.
    • OR—One of the selected health checks must pass for the server to be considered available.

    Example

    FortiADC-VM # config global-load-balance servers

    FortiADC-VM (servers) # edit FortiADC-2

    FortiADC-VM (FortiADC-2) # set sync-status enable

    FortiADC-VM (FortiADC-2) # auth-type TCP_MDFSIG

    FortiADC-VM (FortiADC-2) # set auth-key ENC QVhOH9Wvq6q4BP2sqQMNJ6FDWWYcZA6THCj/sHFGHtAb6qO5nqy1SJ9PpEpc+yk/j8XWfXeORT8DsF8KDBhDL9K5Ms9sXs1y8gUQbtFnCIHKwIpf

    FortiADC-VM (FortiADC-2) # set data-center United_States

    FortiADC-VM (FortiADC-2) # set auto-sync enable

    FortiADC-VM (FortiADC-2) # set ip 172.30.144.100

    FortiADC-VM (FortiADC-2) # set server-type FortiADC-SLB

    FortiADC-VM (FortiADC-2) # show

    config global-load-balance servers

    edit "FortiADC-2"

    set ip 172.30.144.100

    set data-center United_States

    config virtual-server-list

    end

    next

    end

    FortiADC-VM (FortiADC-2) # end

    FortiADC-VM # execute discovery-glb-virtual-server server FortiADC-2

    FortiADC-VM # show global-load-balance servers FortiADC-2

    config global-load-balance servers

    edit "FortiADC-2"

    set ip 172.30.144.100

    set data-center United_States

    config virtual-server-list

    edit "mail_example_com"

    set ip 192.0.2.2

    set port 80

    next

    edit "www_example_com"

    set ip 192.0.2.1

    set port 811

    next

    end

    next

    end

    FortiADC-VM # config global-load-balance servers

    FortiADC-VM (servers) # edit FortiADC-2

    FortiADC-VM (FortiADC-2) # config virtual-server-list

    FortiADC-VM (virtual-server~l) # show

    config virtual-server-list

    edit "mail_example_com"

    set ip 192.0.2.2

    set port 80

    next

    edit "www_example_com"

    set ip 192.0.2.1

    set port 811

    next

    end

    FortiADC-VM (virtual-server~l) # edit www_example_com

    FortiADC-VM (www_example_com) # set gateway US-ISP1

    FortiADC-VM (www_example_com) # end

    FortiADC-VM (FortiADC-2) # end

    Previous
    Next

    config global-load-balance servers

    config global-load-balance servers

    Use this command to configure global load balance servers.

    In the context of the global server load balance configuration, servers are the local SLB (FortiADC instances or third-party servers) that are to be load balanced. For FortiADC instances, the GLB checks status and synchronizes configuration from the local SLB so that it can learn the set of virtual servers that are possible to include in the GLB virtual server pool.

    Figure 1 illustrates configuration discovery. You use the execute discovery-glb-virtual-server command to populate the virtual-server-list configuration. Placement in this list does not include them in the pool. You also must name them explicitly in the virtual server pool configuration.

    Figure 1: Virtual server discovery

    Before you begin:

    • You must have created the data center configuration objects that are associated with the local SLB.
    • You must have created virtual server configurations on the local FortiADC SLB so that you can use execute discovery-glb-virtual-server command to discover them.
    • You must have read-write permission for global load balancing settings.

    After you have created a server configuration object, you can specify it the global load balancing virtual server pool configuration.

    Syntax

    config global-load-balance servers

    edit <name>

    set address-type {ipv4|ipv6}

    set auth-key <string>

    set auth-type <non/TCP_MD5SIG/auth_verify>

    set auto-sync <enable/disable>

    set data-center <datasource>

    set ip <class_ip>

    set port <integer>

    set server-type {FortiADC-SLB|Generic-Host}

    set sync-status {enable|disable}

    set health-check-ctrl {enable|disable}

    set health-check-list <datasource> <datasource> ...

    set health-check-relation {AND|OR}

    config virtual-server-list

    edit <name>

    set address-type {ipv4|ipv6}

    set ip <class-ip>

    set gateway <string>

    set health-check-inherit {enable|disable}

    set health-check-ctrl {enable|disable}

    set health-check-list <datasource> <datasource> ...

    set health-check-relation {AND|OR}

    next

    end

    next

    end

    address-type

    IPv4 or IPv6.

    auth-key

    Password of the remote server.

    auth-type

    Remote server authentication type.

    auto-sync

    Automatic synchronization with the remote server, ennable or disable; enabled, the virtual-server-list will synchronize automatically.

    data-center

    Specify a data center configuration object. The data center configuration object properties are used to establish the proximity of the servers and the client requests.

    ip

    Specify the IP address for the FortiADC management interface.

    server-type

    FortiADC-SLB: A FortiADC instance.

    Generic-Host: A third party ADC or server.

    sync-status

    Enable/disable synchronization of the virtual server status from the local FortiADC SLB. Disabled by default. If enabled, synchronization occurs whenever there is a change in virtual server status.

    health-check-ctrl

    If type is Generic Host, enable/disable health checks for the virtual server list. The health check settings at this configuration level are the parent configuration. When you configure the list, you can specify whether to inherit or override the parent configuration.

    If type is FortiADC-SLB, this option is not available. Health checking is built-in, and you can optionally configure a gateway health check.

    health-check-list

    Specify one or more health check configuration objects.

    health-check-relation
    • AND—All of the specified health checks must pass for the server to be considered available.
    • OR—One of the specified health checks must pass for the server to be considered available.

    config virtual-server-list

    When servers are FortiADC servers, use execute discovery-glb-virtual-server to populate the basic virtual-server-list configuration. After it has been populated, you can add a gateway health check. (optional).

    <name>

    		 Must match the virtual server configuration name on the local FortiADC.

    address-type

    IPv4 or IPv6.

    ip

    Virtual server IP address.

    gateway

    Used when server type is FortiADC.

    Specify a gateway to enable an additional health check: is the gateway beyond the FortiADC reachable? Specify a string that matches the configuration name of a link load balancing gateway.

    health-check-inherit

    		 If type is Generic Host, enable to inherit the health check settings from the parent configuration. Disable to specify health check settings in this member configuration.

    health-check-ctrl

    Enable health checking for the virtual server.

    health-check-list

    Specify one or more health check configuration objects.

    health-check-relation
    • AND—All of the selected health checks must pass for the server to the considered available.
    • OR—One of the selected health checks must pass for the server to be considered available.

    Example

    FortiADC-VM # config global-load-balance servers

    FortiADC-VM (servers) # edit FortiADC-2

    FortiADC-VM (FortiADC-2) # set sync-status enable

    FortiADC-VM (FortiADC-2) # auth-type TCP_MDFSIG

    FortiADC-VM (FortiADC-2) # set auth-key ENC QVhOH9Wvq6q4BP2sqQMNJ6FDWWYcZA6THCj/sHFGHtAb6qO5nqy1SJ9PpEpc+yk/j8XWfXeORT8DsF8KDBhDL9K5Ms9sXs1y8gUQbtFnCIHKwIpf

    FortiADC-VM (FortiADC-2) # set data-center United_States

    FortiADC-VM (FortiADC-2) # set auto-sync enable

    FortiADC-VM (FortiADC-2) # set ip 172.30.144.100

    FortiADC-VM (FortiADC-2) # set server-type FortiADC-SLB

    FortiADC-VM (FortiADC-2) # show

    config global-load-balance servers

    edit "FortiADC-2"

    set ip 172.30.144.100

    set data-center United_States

    config virtual-server-list

    end

    next

    end

    FortiADC-VM (FortiADC-2) # end

    FortiADC-VM # execute discovery-glb-virtual-server server FortiADC-2

    FortiADC-VM # show global-load-balance servers FortiADC-2

    config global-load-balance servers

    edit "FortiADC-2"

    set ip 172.30.144.100

    set data-center United_States

    config virtual-server-list

    edit "mail_example_com"

    set ip 192.0.2.2

    set port 80

    next

    edit "www_example_com"

    set ip 192.0.2.1

    set port 811

    next

    end

    next

    end

    FortiADC-VM # config global-load-balance servers

    FortiADC-VM (servers) # edit FortiADC-2

    FortiADC-VM (FortiADC-2) # config virtual-server-list

    FortiADC-VM (virtual-server~l) # show

    config virtual-server-list

    edit "mail_example_com"

    set ip 192.0.2.2

    set port 80

    next

    edit "www_example_com"

    set ip 192.0.2.1

    set port 811

    next

    end

    FortiADC-VM (virtual-server~l) # edit www_example_com

    FortiADC-VM (www_example_com) # set gateway US-ISP1

    FortiADC-VM (www_example_com) # end

    FortiADC-VM (FortiADC-2) # end

    Previous
    Next