Session-Aware Load Balancing Cluster Guide

Worker communication with FortiGuard

5.2.10

Individual workers need to be able to communicate with FortiGuard for antivirus updates, IPS updates, application control updates, FortiGuard web filtering lookups, and other FortiGuard services. You can do this by adding a default route to the worker elbc-mgmt VDOM that points at the FortiController internal management interface. This causes each worker to route Internet-bound management traffic over the internal management network. The FortiController then forwards this traffic to the Internet using its default route.

When you add the default route to the primary worker elbc-mgmt VDOM, it is synchronized to all of the workers in the cluster.

config vdom
    edit elbc-mgmt
        config router static
            edit 0
                set device base-mgmt
                set gateway 10.101.10.1
            next
        end
end

The gateway address is on the same subnet as the FortiController internal management network. By default, the gateway address for this route is 10.101.10.1. If you change the FortiController internal management network, you should also change the gateway for this default route. For example, if you change the internal management network address to 20.202.20.0, the gateway for this route would be 20.202.20.1.
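A worker whose gateway still points at the old management subnet loses its path to FortiGuard, so antivirus and IPS updates stop arriving. The following check is an added example, not Fortinet code: it parses a saved worker configuration and reports when the elbc-mgmt route does not match the internal management network. The function names, the /24 prefix length, and the 10.101.10.0 network address (inferred from the gateway above) are assumptions.

```python
import ipaddress

# Constructed sample: the worker route from this page in "edit 0 ... next" form.
SAMPLE = "\n".join([
    "config vdom", "edit elbc-mgmt", "config router static", "edit 0",
    "set device base-mgmt", "set gateway 10.101.10.1", "next", "end", "end"])

def static_routes(config_text, vdom="elbc-mgmt"):
    """Return the static routes (dicts of set-values) defined inside one VDOM."""
    stack, current_vdom, route, routes = [], None, None, []
    for line in config_text.splitlines():
        words = line.split()
        if not words:
            continue
        cmd, args = words[0], words[1:]
        in_static = stack[-1:] == ["router static"] and current_vdom == vdom
        if cmd == "config":
            stack.append(" ".join(args))
        elif cmd == "edit" and stack == ["vdom"] and args:
            current_vdom = args[0].strip('"')
        elif cmd == "edit" and in_static:
            if route:                      # previous entry had no "next"
                routes.append(route)
            route = {}
        elif cmd == "set" and in_static and len(args) >= 2:
            route = {} if route is None else route
            route[args[0]] = args[1].strip('"')
        elif cmd in ("next", "end"):
            if in_static and route:        # close the entry being edited
                routes.append(route)
            route = None
            if cmd == "end" and stack:
                stack.pop()
    return routes

def check_fortiguard_route(config_text, mgmt_network, prefix_len=24):
    """List problems with the elbc-mgmt route; prefix_len=24 is an assumption."""
    net = ipaddress.ip_network(f"{mgmt_network}/{prefix_len}")
    routes = static_routes(config_text)
    problems = [] if routes else ["no static route in elbc-mgmt"]
    for r in routes:
        if r.get("device") != "base-mgmt":
            problems.append(f"device is {r.get('device')}, expected base-mgmt")
        gw = r.get("gateway")
        if gw is None or ipaddress.ip_address(gw) not in net:
            problems.append(f"gateway {gw} is outside {net}")
    return problems
```

Run it against each worker's saved configuration after renumbering the internal management network; an empty list means the route matches.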
