Fortinet black logo

Handbook

Example Weighted load balancing configuration

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:820942
Download PDF

Example Weighted load balancing configuration

This example shows how to using firewall load balancing to load balances all traffic among 3 real servers. In the example the Internet is connected to port2 and the virtual IP address of the virtual server is 192.168.20.20. The load balancing method is weighted. The IP addresses of the real servers are 10.10.10.1, 10.10.10.2, and 10.10.10.3. The weights for the real servers are 1, 2, and 3.

This configuration does not include a health check monitor.

GUI configuration

Use the following procedures to configure this load balancing setup from the FortiGate GUI.

To add the HTTP virtual server
  1. Go to Policy & Objects > Virtual Servers.
  2. Select Create New.
  3. Add an IP virtual server that allows users on the Internet to connect to the real servers on the internal network. In this example, the FortiGate port2 interface is connected to the Internet.
  4. Name

    HTTP_weghted_LB

    Type

    IP

    Interface

    port2

    Virtual Server IP

    192.168.20.20

    Load Balance Method

    Weighted

    All other virtual server settings are not required or cannot be changed.

  5. Under Real Servers select Create New.
  6. Add three real servers. Because the Load Balancing Method is Weighted, each real server includes a weight. Servers with a higher weight receive a more sessions.

    Configuration for the first real server.
  7. IP Address

    10.10.10.1

    Weight

    1

    Max Connections

    0

    Setting Max Connections to 0 means the FortiGate unit does not limit the number of connections to the real server.

    Mode

    Active

    Configuration for the second real server.

    IP Address

    10.10.10.2

    Weight

    2

    Max Connections

    0

    Mode

    Active

    Configuration for the third real server.

    IP Address

    10.10.10.3

    Weight

    3

    Max Connections

    0

    Mode

    Active

To add the virtual server to a security policy

Add a port2 to port1 security policy that uses the virtual server so that when users on the Internet attempt to connect to the web server’s IP address, packets pass through the FortiGate unit from the wan1 interface to the dmz1 interface. The virtual IP translates the destination address of these packets from the virtual server IP address to the real server IP addresses.

  1. Go to Policy & Objects > IPv4 Policy.
  2. Select Create New.
  3. Configure the security policy:
  4. Name

    Policy name

    Incoming Interface

    port2

    Outgoing Interface

    port1

    Source

    all (or a more specific address)

    Destination

    HTTP_weghted_LB

    Schedule

    always

    Service

    ALL

    Action

    ACCEPT

    NAT

    Select this option and select Use Destination Interface Address.

  5. Select other security policy options as required.
  6. Select OK.

CLI configuration

Load balancing is configured from the CLI using the config firewall vip command and by setting type to server-load-balance. The default weight is 1 and does not have to be changed for the first real server.

Use the following command to add the virtual server and the three weighted real servers.

config firewall vip

edit HTTP_weghted_LB

set type server-load-balance

set server-type ip

set extintf port2

set extip 192.168.20.20

set ldb-method weighted

config realservers

edit 1

set ip 10.10.10.1

next

edit 2

set ip 10.10.10.2

set weight 2

next

edit 3

set ip 10.10.10.3

set weight 3

end

end

Example Weighted load balancing configuration

This example shows how to using firewall load balancing to load balances all traffic among 3 real servers. In the example the Internet is connected to port2 and the virtual IP address of the virtual server is 192.168.20.20. The load balancing method is weighted. The IP addresses of the real servers are 10.10.10.1, 10.10.10.2, and 10.10.10.3. The weights for the real servers are 1, 2, and 3.

This configuration does not include a health check monitor.

GUI configuration

Use the following procedures to configure this load balancing setup from the FortiGate GUI.

To add the HTTP virtual server
  1. Go to Policy & Objects > Virtual Servers.
  2. Select Create New.
  3. Add an IP virtual server that allows users on the Internet to connect to the real servers on the internal network. In this example, the FortiGate port2 interface is connected to the Internet.
  4. Name

    HTTP_weghted_LB

    Type

    IP

    Interface

    port2

    Virtual Server IP

    192.168.20.20

    Load Balance Method

    Weighted

    All other virtual server settings are not required or cannot be changed.

  5. Under Real Servers select Create New.
  6. Add three real servers. Because the Load Balancing Method is Weighted, each real server includes a weight. Servers with a higher weight receive a more sessions.

    Configuration for the first real server.
  7. IP Address

    10.10.10.1

    Weight

    1

    Max Connections

    0

    Setting Max Connections to 0 means the FortiGate unit does not limit the number of connections to the real server.

    Mode

    Active

    Configuration for the second real server.

    IP Address

    10.10.10.2

    Weight

    2

    Max Connections

    0

    Mode

    Active

    Configuration for the third real server.

    IP Address

    10.10.10.3

    Weight

    3

    Max Connections

    0

    Mode

    Active

To add the virtual server to a security policy

Add a port2 to port1 security policy that uses the virtual server so that when users on the Internet attempt to connect to the web server’s IP address, packets pass through the FortiGate unit from the wan1 interface to the dmz1 interface. The virtual IP translates the destination address of these packets from the virtual server IP address to the real server IP addresses.

  1. Go to Policy & Objects > IPv4 Policy.
  2. Select Create New.
  3. Configure the security policy:
  4. Name

    Policy name

    Incoming Interface

    port2

    Outgoing Interface

    port1

    Source

    all (or a more specific address)

    Destination

    HTTP_weghted_LB

    Schedule

    always

    Service

    ALL

    Action

    ACCEPT

    NAT

    Select this option and select Use Destination Interface Address.

  5. Select other security policy options as required.
  6. Select OK.

CLI configuration

Load balancing is configured from the CLI using the config firewall vip command and by setting type to server-load-balance. The default weight is 1 and does not have to be changed for the first real server.

Use the following command to add the virtual server and the three weighted real servers.

config firewall vip

edit HTTP_weghted_LB

set type server-load-balance

set server-type ip

set extintf port2

set extip 192.168.20.20

set ldb-method weighted

config realservers

edit 1

set ip 10.10.10.1

next

edit 2

set ip 10.10.10.2

set weight 2

next

edit 3

set ip 10.10.10.3

set weight 3

end

end