Fortinet black logo

FortiGate-6000 Handbook

Home FortiGate-6000 6.0.4 FortiGate-6000 Handbook
6.0.4
7.0.15
7.0.14
7.0.13
7.0.12
7.0.10
7.0.5
6.4.15
6.4.14
6.4.13
6.4.12
6.4.10
6.4.8
6.4.6
6.4.2
6.2.16
6.2.16
6.2.15
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.7
6.2.6
6.2.4
6.2.3
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.10
6.0.9
6.0.8
6.0.6
6.0.4
5.6.14
5.6.12
5.6.11
5.6.7
5.4.10

Load balancing and flow rules

Load balancing and flow rules

This chapter provides an overview of how FortiGate-6000 Session-Aware Load Balancing (SLBC) works and then breaks down the details and explains why you might want to change some load balancing settings.

Note For information about IPsec load balancing, see FortiGate-6000 IPsec VPN.

FortiGate-6000 SLBC works as follows.

  1. SLBC attempts to match all incoming sessions with a configured flow rule (see Load balancing and flow rules). If a session matches a flow rule, the session is directed according to the action setting of the flow rule. Usually flow rules send traffic that can't be load balanced to a specific FPC.

  2. TCP, UDP, SCTP, ICMP (IPv4 only) and ESP (IPv4 only) sessions that do not match a flow rule are directed to the DP3 processors.

    The DP3 processors distribute sessions to the FPCs according to the load balancing method set by the dp-load-distribution-method option of the config load-balance setting command.

  3. All other sessions are sent to the primary (or master) FPC.

Previous
Next

Load balancing and flow rules

This chapter provides an overview of how FortiGate-6000 Session-Aware Load Balancing (SLBC) works and then breaks down the details and explains why you might want to change some load balancing settings.

Note For information about IPsec load balancing, see FortiGate-6000 IPsec VPN.

FortiGate-6000 SLBC works as follows.

  1. SLBC attempts to match all incoming sessions with a configured flow rule (see Load balancing and flow rules). If a session matches a flow rule, the session is directed according to the action setting of the flow rule. Usually flow rules send traffic that can't be load balanced to a specific FPC.

  2. TCP, UDP, SCTP, ICMP (IPv4 only) and ESP (IPv4 only) sessions that do not match a flow rule are directed to the DP3 processors.

    The DP3 processors distribute sessions to the FPCs according to the load balancing method set by the dp-load-distribution-method option of the config load-balance setting command.

  3. All other sessions are sent to the primary (or master) FPC.

Previous
Next