Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 25.3.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiAppSec Cloud User Guide
    25.3.0
    26.1.0
    25.4.0
    25.3.0
    25.2.0

    How to load-balance by geolocation

    How to load-balance by geolocation

    The GEO load balancing method directs traffic based on the geographic location of the client, typically using the source IP address. This method helps route users to the nearest or most appropriate regional endpoint, improving performance and supporting data residency compliance.

    Geolocation matching is based on the source IP address relative to the data center location specified in the connector associated with the virtual server. The matching follows this order:

    1. Region (e.g., state or province)

    2. If no region match, fall back to country

    3. If no country match, fall back to continent

    4. If no continent match, use Weighted Round Robin

    Example: One virtual server is configured in US–California.

    • A query from a source IP in Canada will also match this virtual server if no other virtual server exists anywhere in the US.

    • A query from a source IP in US–Oregon will match this virtual server if no other virtual server exists in US–Oregon.

    Configure load balancing by geolocation

    1. Create FQDN in GSLB Services and create an FQDN member.

      If your deployment requires strict geographical matching, we recommend enabling the Respond Single Record option under FQDN settings.
    2. Create a new Virtual Server Pool and use GEO preferred method in Pool.
    3. Choose existing virtual servers for Pool. You can also create several new connectors with different Data Centers. Create new Connector member (Virtual Server) into Connectors.
    4. The FQDN will respond to the DNS query according to the virtual server’s location in Connectors and the DNS query’s source IP.
    Previous
    Next

    How to load-balance by geolocation

    How to load-balance by geolocation

    The GEO load balancing method directs traffic based on the geographic location of the client, typically using the source IP address. This method helps route users to the nearest or most appropriate regional endpoint, improving performance and supporting data residency compliance.

    Geolocation matching is based on the source IP address relative to the data center location specified in the connector associated with the virtual server. The matching follows this order:

    1. Region (e.g., state or province)

    2. If no region match, fall back to country

    3. If no country match, fall back to continent

    4. If no continent match, use Weighted Round Robin

    Example: One virtual server is configured in US–California.

    • A query from a source IP in Canada will also match this virtual server if no other virtual server exists anywhere in the US.

    • A query from a source IP in US–Oregon will match this virtual server if no other virtual server exists in US–Oregon.

    Configure load balancing by geolocation

    1. Create FQDN in GSLB Services and create an FQDN member.

      If your deployment requires strict geographical matching, we recommend enabling the Respond Single Record option under FQDN settings.
    2. Create a new Virtual Server Pool and use GEO preferred method in Pool.
    3. Choose existing virtual servers for Pool. You can also create several new connectors with different Data Centers. Create new Connector member (Virtual Server) into Connectors.
    4. The FQDN will respond to the DNS query according to the virtual server’s location in Connectors and the DNS query’s source IP.
    Previous
    Next