FortiGate-7000F Administration Guide

Setting the load balancing method for individual VDOMs

You can use the following command to set a custom load balancing method for an individual VDOM. All of the traffic destined for that VDOM will be distributed to FPMs by the NP7 load balancers according to the following setting:

config system settings
    set dp-load-distribution-method {derived | to-primary | src-ip | dst-ip | src-dst-ip | src-ip-sport | dst-ip-dport | src-dst-ip-sport-dport}
end

The default load balancing method, derived, means traffic for that VDOM uses the global load balancing method set by the dp-load-distribution-method option of the global config load-balance setting command.

For information about the other load balancing methods, see FortiGate-7000F config CLI commands.

Note

The to-primary option of the config system settings version of the dp-load-distribution-method command is the same as the to-primary option of the config load-balance setting version of the dp-load-distribution-method command.

Setting the load balancing method for individual VDOMs allows you to separate traffic that requires different load balancing methods into different VDOMs, and then set the load balancing method of each VDOM to be optimal for the traffic that VDOM handles.

One example application of this feature could be to support FortiGate firewall and content filtering services that involve users accessing a web page presented by a FortiGate proxy service (for example, a web filtering warning page displayed by proxy-based web filtering). Supporting this feature requires setting the dp-load-distribution-method to src-ip or src-dst-ip. You could create one or more VDOMs for these proxy-based firewall and content proxy services and set the dp-load-distribution-method for those VDOMs to src-ip or src-dst-ip. For more information, see the Fortinet Community article Technical Tip: Warning prompt when reaching the web server.

Setting the load balancing method for individual VDOMs has the following limitations:

  • The global ICMP load balancing method applies to all VDOMs (see ICMP load balancing). You cannot set a different ICMP load balancing method for an individual VDOM.

  • You enable SSL VPN load balancing using a global setting and SSL VPN load balancing only works with some load balancing methods (see SSL VPN load balancing for details). If you enable SSL VPN load balancing, you cannot set a load balancing method for an individual VDOM that is not supported by SSL VPN load balancing.

    If SSL VPN load balancing is enabled, you can set a load balancing method for an individual VDOM that is different from the global load balancing method, as long as this load balancing method is supported by SSL VPN load balancing.

  • You can't enable SSL VPN load balancing if you have previously configured an individual VDOM to use a load balancing method not supported by SSL VPN load balancing.
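
The following added example (not Fortinet code and not part of the original guide) audits a configuration backup before SSL VPN load balancing is enabled: it resolves each VDOM's derived setting to the global method and reports VDOMs whose explicit method is outside an allowed set. The backup layout in SAMPLE is constructed and simplified, and the set of methods supported by SSL VPN load balancing is not listed on this page, so the caller must supply it from the SSL VPN load balancing section.

```python
# Added example: per-VDOM dp-load-distribution-method audit (not Fortinet code).
METHODS = {"derived", "to-primary", "src-ip", "dst-ip", "src-dst-ip",
           "src-ip-sport", "dst-ip-dport", "src-dst-ip-sport-dport"}
# Constructed sample; the multi-VDOM backup layout is a simplifying assumption.
SAMPLE = """\
config global
config load-balance setting
    set dp-load-distribution-method src-dst-ip-sport-dport
end
end
config vdom
edit root
next
edit proxy-web
config system settings
    set dp-load-distribution-method src-ip
end
next
edit lab
config system settings
    set dp-load-distribution-method dst-ip-dport
end
next
end
"""

def audit(text, allowed=METHODS):
    """Return ({vdom: effective method}, [(vdom, value not in allowed)])."""
    stack, vdom, global_method, configured = [], None, None, {}
    for line in text.splitlines():
        words = line.split() or [""]
        if words[0] == "config":
            stack.append(" ".join(words[1:]))      # enter a config section
        elif words[0] == "end" and stack:
            stack.pop()                            # leave the current section
        elif words[0] == "edit" and stack == ["vdom"]:
            vdom = words[1].strip('"')
            configured.setdefault(vdom, "derived")  # default when unset
        elif words[:2] == ["set", "dp-load-distribution-method"] and len(words) == 3:
            if stack == ["global", "load-balance setting"]:
                global_method = words[2]
            elif stack == ["vdom", "system settings"]:
                configured[vdom] = words[2]
    # "derived" means the VDOM follows the global method.
    effective = {v: global_method if m == "derived" else m
                 for v, m in configured.items()}
    bad = [(v, m) for v, m in configured.items() if m not in {"derived", *allowed}]
    return effective, bad
```

With the default allowed set the second return value lists only values outside the documented option list; pass the SSL VPN-supported subset as allowed to find VDOMs that would block enabling SSL VPN load balancing.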
