Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiGate-7000E Administration Guide

    Home FortiGate / FortiOS 7.4.4 FortiGate-7000E Administration Guide
    7.4.4
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5

    Default flow rules for traffic that cannot be load balanced

    Default flow rules for traffic that cannot be load balanced

    The default configure load-balance flow-rule command contains the recommended default flow rules that control how the FortiGate 7000E handles traffic types that cannot be load balanced. All of the default flow rules identify the traffic type using the options available in the command and direct matching traffic to the primary FPM (action set to forward and forward-slot set to master). The default flow rules also include a comment that identifies the traffic type. Most of the flow rules in the default configuration are enabled and are intended to send common traffic types that cannot be load balanced to the primary FPM.

    The default configuration also includes disabled flow rules for Kerberos and PPTP traffic. Normally, you would only need to enable these flow rules if you know that your FortiGate 7000E will be handling these types of traffic.

    Finally, the default configuration disables IPsec VPN flow rules because, by default IPsec VPN load balancing is enabled using the following command:

    config load-balance setting

    set ipsec-load-balance enable

    end

    If you disable IP sec VPN load balancing by setting ipsec-load-balance to disable, the FortiGate 7000E automatically enables the IPsec VPN flow rules and sends all IPsec VPN traffic to the primary FPM.

    Note

    You can find text files containing the FortiGate 7000E default flow rules in the same folders as firmware images on the Fortinet Support Download Firmware Images page.
    Previous
    Next

    Default flow rules for traffic that cannot be load balanced

    Default flow rules for traffic that cannot be load balanced

    The default configure load-balance flow-rule command contains the recommended default flow rules that control how the FortiGate 7000E handles traffic types that cannot be load balanced. All of the default flow rules identify the traffic type using the options available in the command and direct matching traffic to the primary FPM (action set to forward and forward-slot set to master). The default flow rules also include a comment that identifies the traffic type. Most of the flow rules in the default configuration are enabled and are intended to send common traffic types that cannot be load balanced to the primary FPM.

    The default configuration also includes disabled flow rules for Kerberos and PPTP traffic. Normally, you would only need to enable these flow rules if you know that your FortiGate 7000E will be handling these types of traffic.

    Finally, the default configuration disables IPsec VPN flow rules because, by default IPsec VPN load balancing is enabled using the following command:

    config load-balance setting

    set ipsec-load-balance enable

    end

    If you disable IP sec VPN load balancing by setting ipsec-load-balance to disable, the FortiGate 7000E automatically enables the IPsec VPN flow rules and sends all IPsec VPN traffic to the primary FPM.

    Note

    You can find text files containing the FortiGate 7000E default flow rules in the same folders as firmware images on the Fortinet Support Download Firmware Images page.
    Previous
    Next