How to add FortiGate SD-WAN Inbound Load Balancing to GSLB
Integrating FortiGate SD-WAN inbound load balancing with GSLB ensures high availability and optimized performance for an application by distributing traffic across multiple links and providing automatic failover to the default server when necessary.
This section covers the following:
Example solution
This example illustrates the solution for when all the incoming traffic comes from one ISP.
The example assumes that the customer has three ISP routers. The FortiGate SD-WAN has three members, one for each ISP. The SD-WAN load balances outbound traffic for App1, but in some cases the incoming traffic keeps arriving through ISP1 and ISP2, which makes the ISP1 and ISP2 links very busy and leaves the ISP3 link largely idle.
To solve this issue, GSLB can load balance the incoming traffic across the ISPs at the DNS level.
Configuration Steps
- Create a new virtual server in FortiGate (Policy & Objects > Virtual Servers), or use an existing virtual server.
- Create a FortiGate connector in Fabric Connectors and wait a few seconds for the virtual servers to sync.
- Bind the SD-WAN link with the virtual servers in the FortiGate connector.
- Create an FQDN for your SD-WAN application in GSLB services.
- Create FQDN member > Create new Virtual Server Pool. Select the connector members ISP1/ISP2/ISP3, enable the health check Default_HLTHCK_HTTP, and choose SDWAN-InBandwidth as the preferred method.
- The virtual server from the FortiGate connector will be added to the pool and will work in GSLB services.
Sample topology view in FortiAppSec Cloud GSLB
After completing these steps, the customer will be able to monitor the App1 status for all ISPs on the GSLB service detail page. The GSLB will load balance the traffic across the three links. If one of the links is down, the GSLB will direct the traffic to the available links. If all of the links are down, the GSLB will direct the traffic to the App1 default server.
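One way to check this behaviour from the client side, as an added example that is not Fortinet code: tally the A-record answers collected by resolving the App1 FQDN repeatedly, and flag a link that never appears, answers served from the default server, and addresses that belong to neither. The addresses, the `max_share` threshold and the function name are assumptions made for the example.

```python
from collections import Counter

# Constructed sample values (RFC 5737 documentation addresses), not from the page.
LINK_VIPS = {"ISP1": "192.0.2.10", "ISP2": "198.51.100.10", "ISP3": "203.0.113.10"}
DEFAULT_SERVER = "192.0.2.200"


def assess_answers(answers, link_vips=LINK_VIPS, default_server=DEFAULT_SERVER,
                   max_share=0.6):
    """Tally A-record answers seen for the GSLB FQDN and list anything odd.

    max_share is an assumed alert threshold for one link's share of answers.
    """
    name_by_ip = {ip: name for name, ip in link_vips.items()}
    counts = Counter({name: 0 for name in link_vips})
    counts["default"] = 0
    unexpected = set()
    for ip in answers:
        if ip == default_server:
            counts["default"] += 1
        elif ip in name_by_ip:
            counts[name_by_ip[ip]] += 1
        else:
            unexpected.add(ip)

    findings = []
    if unexpected:
        # An address outside the pool points at stale records or DNS tampering.
        findings.append("unexpected address: " + ", ".join(sorted(unexpected)))
    if counts["default"]:
        findings.append("default server answered: all links were seen as down")
    for name in link_vips:
        if counts[name] == 0:
            findings.append(f"{name} never answered: link down or unbound")
        elif counts[name] / len(answers) > max_share:
            findings.append(f"{name} took over {max_share:.0%} of answers")
    return dict(counts), findings


# Constructed observations: ISP3 missing, one address that belongs to nobody.
SAMPLE = ["192.0.2.10"] * 7 + ["198.51.100.10"] * 2 + ["203.0.113.99"]

if __name__ == "__main__":
    counts, findings = assess_answers(SAMPLE)
    print(counts)
    for line in findings:
        print("-", line)
```

Because SDWAN-InBandwidth weights answers by link load, an uneven split is not by itself a fault; tune `max_share` to what the links normally carry.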