Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiADC 7.1.3 CLI Reference
    7.1.3
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    config link-load-balance virtual-tunnel

    config link-load-balance virtual-tunnel

    Use this command to configure virtual tunnels.

    Virtual tunnels enable reliable, site-to-site connectivity using Generic Routing Encapsulation (GRE) to tunnel traffic between pairs of FortiADC appliances.

    The virtual tunnel group configuration sets the list of tunnel members, as well as load balancing options like algorithm and weight.

    When you add members to a virtual tunnel configuration, you specify a local and remote IP address. These addresses are IP addresses assigned to a network interface on the local and remote FortiADC appliance.

    Before you begin:

    • You must have read-write permission for link load balance settings.

    After you have configured a virtual tunnel configuration object, you can select it in the link policy configuration.

    Syntax

    config link-load-balance virtual-tunnel

    edit <name>

    set dispatch-method {vt-wrr|vt-chash}

    config vt-member

    edit <name>

    set health-check-ctrl {enable|disable}

    set status {enable|disable}

    set tunnel-local-addr <class_ip>

    set tunnel-remote-addr <class_ip>

    set weight <integer>

    next

    end

    next

    end

    dispatch-method
    • vt-wrr: Dispatches packets to VT members using a weighted round-robin method.
    • vt-chash: Dispatches packets by source-destination IP address tuple.

    backup
    • enable—Designate the tunnel as a backup member of the group. All backup members are inactive until all main members are down.
    • disable—Designate the tunnel as a main member of the group.

    health-check-ctrl
    • enable—Send probes to test whether the link is available.
    • disable—Do not send probes to test the health of the link.

    status
    • enable—The member is considered available for new traffic.
    • disable—The member is considered unavailable for new traffic.

    tunnel-local-addr

    IP address for the network interface this system uses to form a VPN tunnel with the remote system.

    tunnel-remote-addr

    IP address that the remote FortiADC system uses to form a VPN tunnel with this system.

    weight

    Assigns relative preference among members—higher values are more preferred and are assigned connections more frequently.

    Example

    FortiADC-VM # config link-load-balance virtual-tunnel

    FortiADC-VM (virtual-tunnel) # edit llb-vt

    Add new entry 'llb-vt' for node 222

    FortiADC-VM (llb-vt) # get

    dispatch-method : vt-wrr

    FortiADC-VM (llb-vt) # config vt-member

    FortiADC-VM (vt-member) # edit vt-member-1

    Add new entry 'vt-member-1' for node 225

    FortiADC-VM (vt-member-1) # get

    tunnel-local-addr : 0.0.0.0

    tunnel-remote-addr : 0.0.0.0

    weight : 1

    status : enable

    health-check-ctrl : disable

    FortiADC-VM (vt-member-1) # set health-check-ctrl enable

    FortiADC-VM (vt-member-1) # set tunnel-local-addr 192.0.2.10

    FortiADC-VM (vt-member-1) # set tunnel-remote-addr 198.51.100.10

    FortiADC-VM (vt-member-1) # end

    FortiADC-VM (llb-vt) # get

    dispatch-method : vt-wrr

    == [ vt-member-1 ]

    FortiADC-VM (llb-vt) # show

    config link-load-balance virtual-tunnel

    edit "llb-vt"

    config vt-member

    edit "vt-member-1"

    set tunnel-local-addr 192.0.2.10

    set tunnel-remote-addr 198.51.100.10

    set health-check-ctrl enable

    next

    end

    next

    end

    Previous
    Next

    config link-load-balance virtual-tunnel

    config link-load-balance virtual-tunnel

    Use this command to configure virtual tunnels.

    Virtual tunnels enable reliable, site-to-site connectivity using Generic Routing Encapsulation (GRE) to tunnel traffic between pairs of FortiADC appliances.

    The virtual tunnel group configuration sets the list of tunnel members, as well as load balancing options like algorithm and weight.

    When you add members to a virtual tunnel configuration, you specify a local and remote IP address. These addresses are IP addresses assigned to a network interface on the local and remote FortiADC appliance.

    Before you begin:

    • You must have read-write permission for link load balance settings.

    After you have configured a virtual tunnel configuration object, you can select it in the link policy configuration.

    Syntax

    config link-load-balance virtual-tunnel

    edit <name>

    set dispatch-method {vt-wrr|vt-chash}

    config vt-member

    edit <name>

    set health-check-ctrl {enable|disable}

    set status {enable|disable}

    set tunnel-local-addr <class_ip>

    set tunnel-remote-addr <class_ip>

    set weight <integer>

    next

    end

    next

    end

    dispatch-method
    • vt-wrr: Dispatches packets to VT members using a weighted round-robin method.
    • vt-chash: Dispatches packets by source-destination IP address tuple.

    backup
    • enable—Designate the tunnel as a backup member of the group. All backup members are inactive until all main members are down.
    • disable—Designate the tunnel as a main member of the group.

    health-check-ctrl
    • enable—Send probes to test whether the link is available.
    • disable—Do not send probes to test the health of the link.

    status
    • enable—The member is considered available for new traffic.
    • disable—The member is considered unavailable for new traffic.

    tunnel-local-addr

    IP address for the network interface this system uses to form a VPN tunnel with the remote system.

    tunnel-remote-addr

    IP address that the remote FortiADC system uses to form a VPN tunnel with this system.

    weight

    Assigns relative preference among members—higher values are more preferred and are assigned connections more frequently.

    Example

    FortiADC-VM # config link-load-balance virtual-tunnel

    FortiADC-VM (virtual-tunnel) # edit llb-vt

    Add new entry 'llb-vt' for node 222

    FortiADC-VM (llb-vt) # get

    dispatch-method : vt-wrr

    FortiADC-VM (llb-vt) # config vt-member

    FortiADC-VM (vt-member) # edit vt-member-1

    Add new entry 'vt-member-1' for node 225

    FortiADC-VM (vt-member-1) # get

    tunnel-local-addr : 0.0.0.0

    tunnel-remote-addr : 0.0.0.0

    weight : 1

    status : enable

    health-check-ctrl : disable

    FortiADC-VM (vt-member-1) # set health-check-ctrl enable

    FortiADC-VM (vt-member-1) # set tunnel-local-addr 192.0.2.10

    FortiADC-VM (vt-member-1) # set tunnel-remote-addr 198.51.100.10

    FortiADC-VM (vt-member-1) # end

    FortiADC-VM (llb-vt) # get

    dispatch-method : vt-wrr

    == [ vt-member-1 ]

    FortiADC-VM (llb-vt) # show

    config link-load-balance virtual-tunnel

    edit "llb-vt"

    config vt-member

    edit "vt-member-1"

    set tunnel-local-addr 192.0.2.10

    set tunnel-remote-addr 198.51.100.10

    set health-check-ctrl enable

    next

    end

    next

    end

    Previous
    Next