Fortinet black logo

Version:

7.0.13
7.0.12
7.0.10

Version:

7.0.5
6.4.14
6.4.13

Version:

6.4.12
6.4.10
6.4.8

Version:

6.4.6
6.4.2
6.2.15

Version:

6.2.13
6.2.12
6.2.11

Version:

6.2.10
6.2.9
6.2.7

Version:

6.2.6
6.2.4
6.2.3

Version:

6.0.17
6.0.16
6.0.15

Version:

6.0.14
6.0.13
6.0.12

Version:

6.0.10
6.0.9
6.0.8

Version:

6.0.6
6.0.4
5.6.14

Version:

5.6.12
5.6.11
5.6.7

Version:

5.4.10

Table of Contents

FortiGate-6000 Handbook

6.0.4
7.0.13
7.0.12
7.0.10
7.0.5
6.4.14
6.4.13
6.4.12
6.4.10
6.4.8
6.4.6
6.4.2
6.2.15
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.7
6.2.6
6.2.4
6.2.3
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.10
6.0.9
6.0.8
6.0.6
6.0.4
5.6.14
5.6.12
5.6.11
5.6.7
5.4.10
Download PDF
Copy Doc ID 25038b48-5585-11e9-81a4-00505692583a:210538
Copy Link

Load balancing and flow rules

This chapter provides an overview of how FortiGate-6000 Session-Aware Load Balancing (SLBC) works and then breaks down the details and explains why you might want to change some load balancing settings.

Note For information about IPsec load balancing, see FortiGate-6000 IPsec VPN.

FortiGate-6000 SLBC works as follows.

  1. SLBC attempts to match all incoming sessions with a configured flow rule (see Load balancing and flow rules). If a session matches a flow rule, the session is directed according to the action setting of the flow rule. Usually flow rules send traffic that can't be load balanced to a specific FPC.

  2. TCP, UDP, SCTP, ICMP (IPv4 only) and ESP (IPv4 only) sessions that do not match a flow rule are directed to the DP3 processors.

    The DP3 processors distribute sessions to the FPCs according to the load balancing method set by the dp-load-distribution-method option of the config load-balance setting command.

  3. All other sessions are sent to the primary (or master) FPC.

Previous
Next

Load balancing and flow rules

This chapter provides an overview of how FortiGate-6000 Session-Aware Load Balancing (SLBC) works and then breaks down the details and explains why you might want to change some load balancing settings.

Note For information about IPsec load balancing, see FortiGate-6000 IPsec VPN.

FortiGate-6000 SLBC works as follows.

  1. SLBC attempts to match all incoming sessions with a configured flow rule (see Load balancing and flow rules). If a session matches a flow rule, the session is directed according to the action setting of the flow rule. Usually flow rules send traffic that can't be load balanced to a specific FPC.

  2. TCP, UDP, SCTP, ICMP (IPv4 only) and ESP (IPv4 only) sessions that do not match a flow rule are directed to the DP3 processors.

    The DP3 processors distribute sessions to the FPCs according to the load balancing method set by the dp-load-distribution-method option of the config load-balance setting command.

  3. All other sessions are sent to the primary (or master) FPC.

Previous
Next