Setting up load balancing

To set up load balancing for the HA cluster:
  1. Log in to the AWS Management Console and click EC2 on the homepage.

  2. Click Target Groups in the Load Balancing section on the left menu.

  3. Click Create target group in the top-right corner.

  4. Specify the basic configurations of the target group:
    1. Under the Target type option, select IP address.
    2. In the Target group name field, specify a name to identify the target group.
    3. Specify the protocol and port for the target group. Make sure that the protocol and port have been configured as allowed in the security group. This example uses TCP/8080.
    4. In the IP address type field, select IPv4 or IPv6 as needed. This example uses IPv4.
    5. Select the VPC that you created.
    6. Select the protocol under Health check protocol.
    7. Expand Advanced health check settings and select Override under Health check port.
    8. Click Next.

  5. Register targets for the target group by adding the IP addresses of the public interfaces of all FortiProxy instances.

    1. Under the Network option, verify that your VPC is selected.
    2. Specify the IP address of the public interface of the first FortiProxy instance and then click Add IPv4 address to add the IP address of the public interface of the second FortiProxy.
    3. Verify the ports.
    4. Click Include as pending below.

    5. Verify that both IPs are listed in the Targets list as pending and click Create target group.

  6. If IP-based authentication is required, such as in explicit web proxy, edit the attributes of the target group as follows:

    1. In the target group details page, click the Attributes tab and click Edit in the top-right corner.

    2. Enable Preserve client IP addresses so that IP-based authentication can mark the correct user node for each client.

    3. Enable Turn on stickiness so that each source IP stays affiliated with the same target for IP-based authentication.

  7. Click Load Balancers in the Load Balancing section on the left menu.

  8. Click Create load balancer in the top-right corner.

  9. Select Network Load Balancer and click Create.

  10. Configure the options for the load balancer:
    1. Specify a name to identify the load balancer.
    2. Select Internet-facing under IP address type.
    3. In the IP address type field, select IPv4 or IPv6 as needed. This example uses IPv4.
    4. Select the VPC that you created.
    5. Select the 2 availability zones and select the public subnet that you created under each.
    6. Under IPv4 address of the first AZ, select Use an Elastic IP address and then select the elastic IP address you created earlier.
    7. Under IPv4 address of the second AZ, select Assigned by AWS.
    8. Select the security group that you created.
    9. Under Listeners and routing, specify the protocol and port, and select the target group for each registered target. To add more entries, click Add listener.
    10. Click Create load balancer.

  11. In the load balancer details page, click Actions > Edit load balancer attributes.

  12. Select Enable cross-zone load balancing.

  13. Go back to the Load Balancing > Target Groups left menu, click Actions > Associate with an existing load balancer and select the load balancer to associate it with the target group.
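
An added example (not part of the Fortinet documentation): a Python check that audits the settings this procedure configures, reading JSON shaped like AWS CLI `describe-*` output. The sample data is constructed, and the function names `attr_map`, `port_allowed` and `audit` are hypothetical.

```python
import json

# Constructed sample data (not from a real account), shaped like the output of:
#   aws elbv2 describe-target-group-attributes --target-group-arn <arn>
#   aws elbv2 describe-load-balancer-attributes --load-balancer-arn <arn>
#   aws ec2 describe-security-groups --group-ids <sg-id>
TG_ATTRS = json.loads("""{"Attributes": [
  {"Key": "preserve_client_ip.enabled", "Value": "true"},
  {"Key": "stickiness.enabled", "Value": "false"},
  {"Key": "stickiness.type", "Value": "source_ip"}]}""")
LB_ATTRS = json.loads("""{"Attributes": [
  {"Key": "load_balancing.cross_zone.enabled", "Value": "true"}]}""")
SEC_GROUPS = json.loads("""{"SecurityGroups": [{"GroupId": "sg-EXAMPLE",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}""")

def attr_map(doc):
    """Flatten the Key/Value attribute list into a dict."""
    return {a["Key"]: a["Value"] for a in doc.get("Attributes", [])}

def port_allowed(sg_doc, proto, port):
    """True if any ingress rule admits proto/port ("-1" means all traffic)."""
    for sg in sg_doc.get("SecurityGroups", []):
        for rule in sg.get("IpPermissions", []):
            if rule["IpProtocol"] == "-1":
                return True
            if (rule["IpProtocol"] == proto
                    and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)):
                return True
    return False

def audit(tg_doc, lb_doc, sg_doc, proto="tcp", port=8080, ip_auth=True):
    """Return findings for settings that differ from the procedure."""
    tg, lb = attr_map(tg_doc), attr_map(lb_doc)
    findings = []
    if ip_auth:  # step 6 applies only when IP-based authentication is used
        for key in ("preserve_client_ip.enabled", "stickiness.enabled"):
            if tg.get(key) != "true":
                findings.append(f"{key}: must be true for IP-based authentication")
    if lb.get("load_balancing.cross_zone.enabled") != "true":
        findings.append("load_balancing.cross_zone.enabled: cross-zone is off")
    if not port_allowed(sg_doc, proto, port):
        findings.append(f"security group: no ingress rule for {proto}/{port}")
    return findings

if __name__ == "__main__":
    for finding in audit(TG_ATTRS, LB_ATTRS, SEC_GROUPS):
        print("FINDING", finding)
```
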
