Fortinet black logo

Handbook

Home FortiGate / FortiOS 6.0.0 Handbook

Example Adding a server load balance port forwarding virtual IP

6.0.0
6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:719448
Download PDF

Example Adding a server load balance port forwarding virtual IP

In this example, a virtual web server with IP address 192.168.37.4 on the Internet, is mapped to three real web servers connected to the FortiGate unit dmz1 interface. The real servers have IP addresses 10.10.123.42, 10.10.123.43, and 10.10.123.44. The virtual server uses the First Alive load balancing method.

Each real server accepts HTTP connections on a different port number. The first real server accepts connections on port 8080, the second on port 8081, and the third on 8082. The configuration also includes an HTTP health check monitor that includes a URL used by the FortiGate unit for get requests to monitor the health of the real servers.

Connections to the virtual web server at IP address 192.168.37.4 from the Internet are translated and load balanced to the real servers by the FortiGate unit. First alive load balancing directs all sessions to the first real server. The computers on the Internet are unaware of this translation and load balancing and see a single virtual server at IP address 192.168.37.4 rather than the three real servers behind the FortiGate unit.

Server load balance virtual IP port forwarding

To complete this configuration, all of the steps would be the same as in Example Adding a server load balance port forwarding virtual IP except for configuring the real servers.

To add the real servers to the virtual server

Use the following steps to add three real servers to the virtual server Load_Bal_VS1. These real servers cause the FortiGate unit to forward HTTP packets to the three real servers on ports 8080, 8081, and 8082.

  1. Go to Policy & Objects > Virtual Servers and edit the Load_Bal_VS1 virtual server.
  2. Select Create New.
  3. Add the following three real servers. Each real server must include the IP address of a real server on the internal network and have a different port number.

    Configuration for the first real server.

IP Address

10.10.10.42

Port

8080

Max Connections

0

Mode

Active

Configuration for the second real server.

IP

10.10.10.43

Port

8081

Max Connections

0

Mode

Active

Configuration for the third real server.

IP

10.10.10.44

Port

8082

Max Connections

0

Mode

Active
Previous
Next

Example Adding a server load balance port forwarding virtual IP

In this example, a virtual web server with IP address 192.168.37.4 on the Internet, is mapped to three real web servers connected to the FortiGate unit dmz1 interface. The real servers have IP addresses 10.10.123.42, 10.10.123.43, and 10.10.123.44. The virtual server uses the First Alive load balancing method.

Each real server accepts HTTP connections on a different port number. The first real server accepts connections on port 8080, the second on port 8081, and the third on 8082. The configuration also includes an HTTP health check monitor that includes a URL used by the FortiGate unit for get requests to monitor the health of the real servers.

Connections to the virtual web server at IP address 192.168.37.4 from the Internet are translated and load balanced to the real servers by the FortiGate unit. First alive load balancing directs all sessions to the first real server. The computers on the Internet are unaware of this translation and load balancing and see a single virtual server at IP address 192.168.37.4 rather than the three real servers behind the FortiGate unit.

Server load balance virtual IP port forwarding

To complete this configuration, all of the steps would be the same as in Example Adding a server load balance port forwarding virtual IP except for configuring the real servers.

To add the real servers to the virtual server

Use the following steps to add three real servers to the virtual server Load_Bal_VS1. These real servers cause the FortiGate unit to forward HTTP packets to the three real servers on ports 8080, 8081, and 8082.

  1. Go to Policy & Objects > Virtual Servers and edit the Load_Bal_VS1 virtual server.
  2. Select Create New.
  3. Add the following three real servers. Each real server must include the IP address of a real server on the internal network and have a different port number.

    Configuration for the first real server.

IP Address

10.10.10.42

Port

8080

Max Connections

0

Mode

Active

Configuration for the second real server.

IP

10.10.10.43

Port

8081

Max Connections

0

Mode

Active

Configuration for the third real server.

IP

10.10.10.44

Port

8082

Max Connections

0

Mode

Active
Previous
Next