Fortinet Document Library

Version:


Table of Contents

7.0.0
Download PDF
Copy Link

Solution 1: Layer4 SLB One-Arm Deployment for SSL VPN Load-Balancing

Topology 1:

Key configurations:
  1. Assign another public IP for FortiADC interface address.
  2. Configure Layer4 SLB and publish the VIP and its listening port as the SSL VPN site for all FortiClient users (Example: https://123.1.1.50:10443). You will need to configure Full-NAT in VS configuration profile.
  3. FortiADC is able to load balance the SSL VPN traffic across FortiGate pool. None-SSL VPN traffic will be routed to the original FortiGates.

Notes:

  • Only supports SSL VPN.
  • The source IP address cannot be recorded on FortiGate due to FortiADC's Full-NAT settings.

Solution 1: Layer4 SLB One-Arm Deployment for SSL VPN Load-Balancing

Topology 1:

Key configurations:
  1. Assign another public IP for FortiADC interface address.
  2. Configure Layer4 SLB and publish the VIP and its listening port as the SSL VPN site for all FortiClient users (Example: https://123.1.1.50:10443). You will need to configure Full-NAT in VS configuration profile.
  3. FortiADC is able to load balance the SSL VPN traffic across FortiGate pool. None-SSL VPN traffic will be routed to the original FortiGates.

Notes:

  • Only supports SSL VPN.
  • The source IP address cannot be recorded on FortiGate due to FortiADC's Full-NAT settings.