Solution 1: Layer4 SLB One-Arm Deployment for SSL VPN Load-Balancing
Topology 1:
Key configurations:
- Assign another public IP for FortiADC interface address.
- Configure Layer4 SLB and publish the VIP and its listening port as the SSL VPN site for all FortiClient users (Example: https://123.1.1.50:10443). You will need to configure Full-NAT in VS configuration profile.
- FortiADC is able to load balance the SSL VPN traffic across FortiGate pool. None-SSL VPN traffic will be routed to the original FortiGates.
Notes:
- Only supports SSL VPN.
- The source IP address cannot be recorded on FortiGate due to FortiADC's Full-NAT settings.