Administration Guide

FortiGSLB

Fabric integration with FortiGSLB allows FortiWeb to publish host, domain name, and its paired public IP addresses directly to FortiGSLB. This functionality enables effective load balancing among multiple FortiWeb appliances that are securing the same domain name.

FortiGSLB integrates with FortiWeb through the use of One-Click GSLB.

By enabling One-Click GSLB, you can load-balance your application across multiple data centers according to server load/state, Geo-IP and latency. In such cases, you can publish this application using a single FQDN on FortiGSLB Cloud. The result is a single domain with multiple unique IP addresses corresponding to the different data centers.

As illustrated in the diagram below, users accessing the same domain "www.test.com" can be efficiently directed to the nearest datacenter, minimizing network latency. In the event that a datacenter is identified as unavailable during health checks, the traffic can seamlessly be rerouted to an alternate datacenter.

Packet Flow
  1. The client sends a DNS query to the FortiGSLB Cloud (www.test.com).
  2. FortiGSLB Cloud will redirect the user (based on the application Health Check) to the most available application according to the Geolocation, load, proximity, and service availability.
Configuration prerequisites
  • The account of FortiWeb’s license should have a valid FortiGSLB QPS license as well as a valid HealthCheck license.
  • To enable a connector, the account license of FortiWeb must match that of FortiGSLB.
Configuration steps
  1. Enable FortiGSLB connector on FortiWeb.

    Go to Fabric Connectors > FortiGSLB, enable Status and set Server URL as “https://1clickfwb.fortigslb.com”. Click OK.

    If no issues arise, the Cloud Status under FortiGSLB Cloud Status should display as green. The Assigned DNS Server should be the primary anycast IP address assigned by FortiGSLB.
  2. Create a server policy on FortiWeb.

    Go to Policy > Server Policy, click Create New to set up the server policy. In the New Policy page, enable One Click GSLB Server.

  3. Enter the Host Name of this FortiWeb appliance.
  4. Enter the Domain Name of your application (for example, "test.com").
  5. Depending on FortiWeb's role in your network, the Public IP address can be either one of the following:

    • If FortiWeb is deployed within a private network, and has a gateway (such as FortiGate) positioned in front of it (as illustrated below), you should enter the gateway's public IP in this setting.
      In scenarios involving multiple gateways connected to multiple FortiWeb appliances, you should activate the One Click GSLB Server feature in each FortiWeb appliance. Subsequently, specify the public IP address of the particular gateway in the corresponding FortiWeb's One Click GSLB Server settings.

    • If FortiWeb is directly connected to the Internet, without a FortiGate in the above diagram, you should enter FortiWeb's public IP in this setting. Please note that in this scenario you can leave the Public IP table empty. The public IP address associated with the virtual server will be automatically pushed to FortiGSLB.

  6. Click OK at the bottom of the page. FortiWeb will periodically synchronize the One-Click GSLB Server settings with FortiGSLB Cloud to ensure that FortiGSLB Cloud always reflects the latest settings.
  7. Log in to FortiGSLB Cloud: https://fortigslb.com/#/login.
  8. Go to Organization via the left side navigation bar, and select default.
  9. Go to GSLB Services via the left side navigation bar.
  10. You will find an FQDN entry pairing your domain name with the public IP you have set in FortiWeb. Click on the name. This opens a window that displays more details. If you can't find the entry, please see Troubleshooting.
  11. After the connection is built between FortiWeb and FortiGSLB Cloud, and the FQDN entries are all correctly synched, you need to go to your DNS service, and add or edit the authorized name server of the application domain to point it to FortiGSLB Cloud. The IP address of FortiGSLB Cloud can be obtained in FortiWeb > Fabric Connectors > FortiGSLB. You can also log in to FortiGSLB Cloud and get the IP addresses as shown below.

    For more information on how to edit or add the DNS name server, see this article.
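A check for after the name server delegation in the last step is in place, given here as an added example (not Fortinet's code): it parses a raw DNS response for the GSLB FQDN and compares the A records with the Public IPs entered in each FortiWeb's One Click GSLB Server settings. The response bytes, the two "published" addresses and all function names are constructed for illustration.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        if n == 0:                # root label ends the name
            return off + 1
        off += 1 + n

def a_records(msg):
    """Parse a raw DNS response; return (rcode, list of IPv4 A-record addresses)."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):           # skip the question section
        off = skip_name(msg, off) + 4
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # type A, class IN
            ips.append(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, ips

def audit(msg, published_ips):
    """Compare the answer with the Public IPs entered on each FortiWeb (assumed inventory)."""
    rcode, ips = a_records(msg)
    got, want = set(ips), {ipaddress.IPv4Address(i) for i in published_ips}
    return {
        "rcode": rcode,
        "unexpected": sorted(map(str, got - want)),
        "missing": sorted(map(str, want - got)),
        "private": sorted(str(i) for i in got if any(i in n for n in RFC1918)),
    }

def sample_response():
    """Constructed response for www.test.com: one expected IP, one RFC 1918 address."""
    qname = b"\x03www\x04test\x03com\x00"
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 2, 0, 0)
    def rr(ip):
        return b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 30, 4) + ipaddress.IPv4Address(ip).packed
    return header + qname + struct.pack("!HH", 1, 1) + rr("203.0.113.10") + rr("10.0.0.5")

if __name__ == "__main__":
    print(audit(sample_response(), ["203.0.113.10", "198.51.100.20"]))
```

Because FortiGSLB answers according to health checks and geolocation, an address listed under `missing` in a single answer is not by itself a fault; `unexpected` and `private` entries are the ones to trace back to a FortiWeb's Public IP setting.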

Troubleshooting

    To troubleshoot connection errors between FortiWeb and FortiGSLB, log in to your FortiWeb account and go to Log&Report > Log Access > Event. Click Add Filter, select Message, and set the keyword to 'FortiGSLB'.
