Fortinet Document Library

Version:


Table of Contents

7.0.0
Download PDF
Copy Link

Solution 3: FortiGSLB for both IPSec and SSL VPN Load-Balancing

This is a solution for SSL-VPN with FortiGSLB Cloud. It is also supported with FortiADC (GSLB module).

For remote clients who want to connect to the company HQ via VPN, FortiGSLB allows clients to automatically connect to the FortiGate VPN server that is geographically closest to their current location. This can also be specified according to FortiGate VPN server availability. In cases when the VPN server is down, FortiGSLB can redirect users to the next available FortiGate VPN server in another location.

Topology 3: GSLB service for SSL/IPsec VPN load balancing

Key configurations:
  1. Create new VPN in FortiGate (VPN) or use the existing VPN.
  2. Create FQDN in FQDN services > choose DNS-Query-Origin Virtual Server Pool Selection Method.
  3. Create FQDN member > Create new Virtual Server Pool.
  4. Create pool member > Create generic server > Create new data center > Create new Server member (add FortiGate VPN server IP).
  5. Create new Location List for Virtual Server Pool
  6. Perform steps c.-e. for another Virtual Server Pool with a different location.

Note: The virtual servers from the generic servers (FortiGate) will be added into Pool and Server directly and will work in FQDN services.

Solution 3: FortiGSLB for both IPSec and SSL VPN Load-Balancing

This is a solution for SSL-VPN with FortiGSLB Cloud. It is also supported with FortiADC (GSLB module).

For remote clients who want to connect to the company HQ via VPN, FortiGSLB allows clients to automatically connect to the FortiGate VPN server that is geographically closest to their current location. This can also be specified according to FortiGate VPN server availability. In cases when the VPN server is down, FortiGSLB can redirect users to the next available FortiGate VPN server in another location.

Topology 3: GSLB service for SSL/IPsec VPN load balancing

Key configurations:
  1. Create new VPN in FortiGate (VPN) or use the existing VPN.
  2. Create FQDN in FQDN services > choose DNS-Query-Origin Virtual Server Pool Selection Method.
  3. Create FQDN member > Create new Virtual Server Pool.
  4. Create pool member > Create generic server > Create new data center > Create new Server member (add FortiGate VPN server IP).
  5. Create new Location List for Virtual Server Pool
  6. Perform steps c.-e. for another Virtual Server Pool with a different location.

Note: The virtual servers from the generic servers (FortiGate) will be added into Pool and Server directly and will work in FQDN services.