Fortinet black logo

Session-Aware Load Balancing Cluster Guide

Using the GUI to configure NAT/Route mode

5.2.10
Copy Link
Copy Doc ID 31a89d05-200d-11e9-b6f6-f8bc1258b856:504793
Download PDF

Using the GUI to configure NAT/Route mode

To configure DNS settings
  1. Log into the FortiController GUI.
  2. Go to Load Balance > Status and select the Config Master icon beside the primary worker, which is always the top entry in the list.
  3. Log into the worker GUI.

    Note You can also connect to the worker GUI by browsing directly to the External Management IP/Netmask.
  4. Go to System > Network > DNS and configure DNS settings as required.
To configure an interface
  1. Go to Virtual Domains > root.
  2. Go to System > Network > Interfaces and Edit an interface (for example, fctrl/f1).
  3. Configure the interface as required, for example set the Addressing Mode to Manual and set the IP/Netmask to 172.20.120.10/255.255.255.0.
  4. Select OK.
  5. Repeat for all interfaces connected to networks.
To add a default route
  1. Go to Router > Static and select Create New and configure the default route:

    Destination IP/Mask 0.0.0.0/0.0.0.0
    Device fctrl/f1
    Gateway 172.20.120.2
  2. Select OK.
To allow users on the internal network to connect to the Internet
  1. Go to Policy > Policy > Policy and select Create New to add the following security policy.

    Policy Type Firewall
    Policy Subtype Address
    Incoming Interface fctrl/f2
    Source Address all
    Outgoing Interface fctrl/f1
    Destination Address all
    Schedule always
    Service ALL
    Action ACCEPT
  2. Select Enable NAT and Use Destination Interface Address.
  3. Select other security policy options as required (for example, add Security Profiles).
  4. Select OK.

Using the GUI to configure NAT/Route mode

To configure DNS settings
  1. Log into the FortiController GUI.
  2. Go to Load Balance > Status and select the Config Master icon beside the primary worker, which is always the top entry in the list.
  3. Log into the worker GUI.

    Note You can also connect to the worker GUI by browsing directly to the External Management IP/Netmask.
  4. Go to System > Network > DNS and configure DNS settings as required.
To configure an interface
  1. Go to Virtual Domains > root.
  2. Go to System > Network > Interfaces and Edit an interface (for example, fctrl/f1).
  3. Configure the interface as required, for example set the Addressing Mode to Manual and set the IP/Netmask to 172.20.120.10/255.255.255.0.
  4. Select OK.
  5. Repeat for all interfaces connected to networks.
To add a default route
  1. Go to Router > Static and select Create New and configure the default route:

    Destination IP/Mask 0.0.0.0/0.0.0.0
    Device fctrl/f1
    Gateway 172.20.120.2
  2. Select OK.
To allow users on the internal network to connect to the Internet
  1. Go to Policy > Policy > Policy and select Create New to add the following security policy.

    Policy Type Firewall
    Policy Subtype Address
    Incoming Interface fctrl/f2
    Source Address all
    Outgoing Interface fctrl/f1
    Destination Address all
    Schedule always
    Service ALL
    Action ACCEPT
  2. Select Enable NAT and Use Destination Interface Address.
  3. Select other security policy options as required (for example, add Security Profiles).
  4. Select OK.