Load balancing and flow rules
This chapter provides an overview of how FortiGate-7000 Session-Aware Load Balancing (SLBC) works and then breaks down the details and explains why you might want to change some load balancing settings.
For information about IPsec load balancing, see FortiGate-7000 IPsec VPN. |
FortiGate-7000 SLBC works as follows.
- SLBC attempts to match all incoming sessions with a configured flow rule (see Load balancing and flow rules). If a session matches a flow rule, the session is directed according to the action setting of the flow rule. Usually flow rules send traffic that can't be load balanced to a specific FPM.
- TCP, UDP, SCTP, ICMP (IPv4 only) and ESP (IPv4 only) sessions that do not match a flow rule are directed to the DP2 processors.
The DP2 processors distribute sessions to the FPMs according to the load balancing method set by thedp-load-distribution-method
option of theconfig load-balance setting
command.
- All other sessions are sent to the primary (or master) FPM.