Fortinet black logo

High Performance VPN Load balancing with FortiADC and FortiGate

Home FortiADC 7.4.0 High Performance VPN Load balancing with FortiADC and FortiGate
7.4.0
7.4.0
5.4.0

Solution 1: Layer4 SLB One-Arm Deployment for SSL VPN Load-Balancing

Solution 1: Layer4 SLB One-Arm Deployment for SSL VPN Load-Balancing

Topology 1:

Key configurations:
  1. Assign another public IP for FortiADC interface address.
  2. Configure Layer4 SLB and publish the VIP and its listening port as the SSL VPN site for all FortiClient users (Example: https://123.1.1.50:10443). You will need to configure Full-NAT in VS configuration profile.
  3. FortiADC is able to load balance the SSL VPN traffic across FortiGate pool. None-SSL VPN traffic will be routed to the original FortiGates.

Notes:

  • Only supports SSL VPN.
  • The source IP address cannot be recorded on FortiGate due to FortiADC's Full-NAT settings.
Previous
Next

Solution 1: Layer4 SLB One-Arm Deployment for SSL VPN Load-Balancing

Topology 1:

Key configurations:
  1. Assign another public IP for FortiADC interface address.
  2. Configure Layer4 SLB and publish the VIP and its listening port as the SSL VPN site for all FortiClient users (Example: https://123.1.1.50:10443). You will need to configure Full-NAT in VS configuration profile.
  3. FortiADC is able to load balance the SSL VPN traffic across FortiGate pool. None-SSL VPN traffic will be routed to the original FortiGates.

Notes:

  • Only supports SSL VPN.
  • The source IP address cannot be recorded on FortiGate due to FortiADC's Full-NAT settings.
Previous
Next