Configuring servers

In the context of the global server load balance configuration, servers are the local SLB (FortiADC instances or third-party servers) to be load balanced. For FortiADC instances, the GLB checks status and synchronizes configuration from the local SLB so that it can learn the set of virtual servers that can be included in the GLB virtual server pool.

Virtual server discovery illustrates configuration discovery. Placing discovered virtual servers in this list does not include them in the pool; you must also name them explicitly in the virtual server pool configuration.

[Figure: Virtual server discovery]

Before you begin:
  • You must have created the data center configuration objects that are associated with the local SLB.
  • You must have created virtual server configurations on the local FortiADC SLB. In this procedure, the global SLB discovers them.
  • You must have created gateway configuration objects on the local FortiADC SLB if you want to configure a gateway health check. In this procedure, the global SLB discovers them.
  • You must have created an SDN connector configuration.
    Note: Currently, the SDN Connector option only supports AWS Connectors.
  • You must have Read-Write permission for Global Load Balance settings.

After you have created a server configuration object, you can specify it in the global load balancing virtual server pool configuration.

To configure servers:
  1. Go to Global Load Balance > Global Object.
  2. Click the Server tab.
  3. Click Create New to display the configuration editor.
  4. Configure the following GLB Server settings:
    Setting

    Description

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the virtual server pool configuration.

    Note: After you initially save the configuration, you cannot edit the name.

    Type

    Select the remote server to use for global server load balancing:

    • FortiADC SLB — use a FortiADC instance.
    • Generic Host — use a third party ADC or server.
    • SDN Connector — use an existing external connector that is connected to the FortiADC Security Fabric.
      Note: Currently, the SDN Connector option only supports AWS Connectors.

    Auth Type

    The Auth Type option is available if Type is FortiADC SLB.

    Select the authentication type:

    • None — No password.
    • TCP MD5SIG — With password, but cannot be used if NAT is in between the client and server. This is because TCP MD5SIG authentication computes a signature over every packet, and that signature covers the IP addresses. Because NAT changes the IP address, the signature check will always fail.
    • Auth Verify — The authentication key is sent to the server after a three-way handshake. The key is encrypted and NAT in between will not affect the authentication.

    Password

    The Password option is available if Type is FortiADC SLB and Auth Type is TCP MD5SIG.

    Enter the password to authenticate the key.

    The password you enter here must match the password configured on the FortiADC appliance in a global server load-balancing configuration.

    User Defined Certificate

    The User Defined Certificate option is available if Type is FortiADC SLB.

    Enable to use a self-defined certificate for authentication.

    Certificate

    The Certificate option is available if Type is FortiADC SLB and User Defined Certificate is enabled.

    Select the local certificate object to use for the GSLB server.

    Address Type

    The Address Type option is available if Type is FortiADC SLB.

    IPv4 or IPv6.

    IP Address/IPv6 Address

    The IP Address or IPv6 Address option is available if Type is FortiADC SLB.

    Specify the IPv4 or IPv6 address for the FortiADC management interface. This IP address is used for synchronization and also status checks. If the management interface is unreachable, the virtual servers for that FortiADC are excluded from DNS responses.

    Port

    The Port option is available if Type is FortiADC SLB.

    Specify the port. Default: 5858. Range: 1-65535.

    SDN Connector

    The SDN Connector option is available if Type is SDN Connector.

    Select the SDN Connector to synchronize to the GSLB server.
    For public SDN type servers, GSLB can update the public IP dynamically.
    Note: Currently, only AWS connectors are supported.

    Use SDN Private IP

    The Use SDN Private IP option is available if Type is SDN Connector.

    Enable to use the SDN Private IP address.

    Data Center

    Select a data center configuration object. The data center configuration object properties are used to establish the proximity of the servers and the client requests.

    Auto-sync

    Enable/disable automatic synchronization with the remote server. When enabled, Global load balancing will synchronize automatically with the server member.

    If auto-sync is enabled for SDN Connector type servers, all instances from the SDN connector will be added as server members.

    Note: When you disable auto-sync, the server member is cleared and re-synced.

    Health Check Control

    The Health Check Control option is available if Type is Generic Host or SDN Connector.

    Enable/disable health checks for the virtual server list. The health check settings at this configuration level are the parent configuration. When you configure the list, you can specify whether to inherit or override the parent configuration.

    Note: Health checking is built-in, and you can optionally configure a gateway health check.

    Health Check Relationship

    The Health Check Relationship option is available if Type is Generic Host and Health Check Control is enabled.

    • AND—All of the specified health checks must pass for the server to be considered available.
    • OR—One of the specified health checks must pass for the server to be considered available.

    Health Check List

    The Health Check List option is available if Type is Generic Host and Health Check Control is enabled.

    Select one or more health check configuration objects.

  5. Click Save.
    After the GLB Server configuration is saved, the Member section becomes available to configure.
  6. Under the Member section, configure the Member list configuration according to the GLB server type.

    Setting

    Description

    FortiADC SLB

    Discover

    Populate the member list with virtual servers from the local FortiADC configuration. After the list has been populated, you can edit the configuration to add a gateway health check.

    Override

    Select this option if you want to update the discovered virtual server configuration with the latest configuration information whenever you use the Discover utility (for example, additions or changes to previously discovered configurations).

    Unselect this option if you want to preserve the previously discovered configuration and not have it overwritten by the Discover operation.

    Name

    Must match the virtual server configuration name on the local FortiADC.

    Address Type

    IPv4 or IPv6.

    IP Address/IPv6 Address

    Virtual server IPv4 or IPv6 address.

    Gateway

    Enable an additional health check: is the gateway beyond the FortiADC reachable?

    The list of gateway configuration objects is populated by discovery, but you must select the appropriate one from the list.

    Generic Host

    Health Check Inherit

    Enable to inherit the health check settings from the parent configuration. The Health Check Inherit option is enabled by default. Disable to specify health check settings in this member configuration.

    Health Check Control

    The Health Check Control option is available if Health Check Inherit is disabled.

    Enable health checking for the virtual server.

    Health Check Relationship

    The Health Check Relationship option is available if Health Check Inherit is disabled and Health Check Control is enabled.

    • AND—All of the specified health checks must pass for the server to be considered available.
    • OR—One of the specified health checks must pass for the server to be considered available.

    Health Check List

    The Health Check List option is available if Health Check Inherit is disabled and Health Check Control is enabled.

    Specify one or more health check configuration objects.

    SDN Connector

    SDN Instance

    Select an instance from the SDN's instance list.

    Health Check Inherit

    Enable to inherit the health check settings from the parent configuration. The Health Check Inherit option is enabled by default. Disable to specify health check settings in this member configuration.

    Health Check Control

    The Health Check Control option is available if Health Check Inherit is disabled.

    Enable health checking for the virtual server.

    Health Check Relationship

    The Health Check Relationship option is available if Health Check Inherit is disabled and Health Check Control is enabled.

    • AND—All of the specified health checks must pass for the server to be considered available.
    • OR—One of the specified health checks must pass for the server to be considered available.

    Health Check List

    The Health Check List option is available if Health Check Inherit is disabled and Health Check Control is enabled.

    Specify one or more health check configuration objects.

    Note:

    • If Health Check is disabled for SDN connector server members, their health check status will always appear as available since the status cannot be verified through health check.

    • If the SDN instance is changed in the SDN connector, the SDN connector server member status will not be affected. For example, if the EC2 instance is terminated in AWS, that instance will still remain a server member in the SDN connector GLB server.

  7. Save the Member list configuration and then save the GLB Server configuration to commit the Member list changes.
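
Why the TCP MD5SIG auth type fails across NAT, as an added example (not FortiADC code): it assumes the option is the standard TCP MD5 signature of RFC 2385, whose digest covers the source and destination IP addresses. Addresses, ports other than the default 5858, and the password are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

TCP_PROTO = 6      # IP protocol number for TCP
OPTIONS_LEN = 20   # 18-byte MD5 signature option padded to 20 bytes


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385 digest: MD5 over the pseudo-header, the TCP header without
    options and with a zeroed checksum, the segment data, then the key."""
    if len(tcp_header) != 20:
        raise ValueError("expected the 20-byte fixed TCP header")
    segment_len = len(tcp_header) + OPTIONS_LEN + len(payload)
    pseudo = (
        ipaddress.IPv4Address(src_ip).packed
        + ipaddress.IPv4Address(dst_ip).packed
        + struct.pack("!BBH", 0, TCP_PROTO, segment_len)
    )
    header = tcp_header[:16] + b"\x00\x00" + tcp_header[18:]  # zero checksum
    return hashlib.md5(pseudo + header + payload + key).digest()


def build_syn(sport, dport, seq):
    """Fixed part of a SYN header; data offset 10 words = 20 + 20 options."""
    doff_flags = (10 << 12) | 0x002
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                       doff_flags, 65535, 0, 0)


def receiver_accepts(seen_src, seen_dst, tcp_header, payload, key, digest):
    """The receiver recomputes the digest from the addresses it sees."""
    expected = tcp_md5_digest(seen_src, seen_dst, tcp_header, payload, key)
    return hmac.compare_digest(expected, digest)


def demo():
    key = b"constructed-shared-password"
    hdr = build_syn(40000, 5858, 1000)
    # Sender signs with its own (pre-NAT) source address.
    sent = tcp_md5_digest("10.0.0.5", "198.51.100.20", hdr, b"", key)
    direct = receiver_accepts("10.0.0.5", "198.51.100.20", hdr, b"", key, sent)
    # A NAT device rewrites the source address but cannot re-sign.
    natted = receiver_accepts("203.0.113.7", "198.51.100.20", hdr, b"", key, sent)
    # Mismatched passwords on the two appliances fail the same way.
    bad_key = receiver_accepts("10.0.0.5", "198.51.100.20", hdr, b"", b"other", sent)
    return direct, natted, bad_key


if __name__ == "__main__":
    print(demo())
```

A NAT failure and a password mismatch are indistinguishable at the receiver: in both cases the segment is dropped for a bad digest.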
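
How Health Check Inherit, Health Check Control and the AND/OR relationship combine for SDN Connector members, including the case from the Note where a member with health checks disabled always appears available. This is an added example, not FortiADC code; the dictionary keys, instance names, health check names and probe results are hypothetical.

```python
# Hypothetical model of the Health Check settings described on this page.
# Dictionary keys and instance names are constructed for illustration.

def effective_policy(parent, member):
    """Parent settings apply while Health Check Inherit is enabled
    (the default); otherwise the member's own settings apply."""
    return parent if member.get("inherit", True) else member


def member_status(parent, member, probe_results):
    policy = effective_policy(parent, member)
    if not policy.get("control", False):
        # Health check disabled: status appears as available, unverified.
        return "available (unverified)"
    checks = policy.get("checks", [])
    if not checks:
        raise ValueError("Health Check List needs one or more objects")
    outcomes = [probe_results.get(name, False) for name in checks]
    if policy["relationship"] == "AND":
        passed = all(outcomes)
    elif policy["relationship"] == "OR":
        passed = any(outcomes)
    else:
        raise ValueError("relationship must be AND or OR")
    return "available" if passed else "unavailable"


def evaluate(parent, members, probes):
    return {m["instance"]: member_status(parent, m, probes[m["instance"]])
            for m in members}


def unverified(statuses):
    """Members whose availability is reported without any health check."""
    return sorted(n for n, s in statuses.items() if s.endswith("(unverified)"))


# Constructed sample: parent (GLB server level) and three members.
PARENT = {"control": True, "relationship": "OR", "checks": ["tcp-443", "icmp"]}
MEMBERS = [
    {"instance": "instance-a"},                       # inherits parent (OR)
    {"instance": "instance-b", "inherit": False, "control": True,
     "relationship": "AND", "checks": ["tcp-443", "icmp"]},
    {"instance": "instance-c", "inherit": False, "control": False},
]
PROBES = {
    "instance-a": {"tcp-443": True, "icmp": False},
    "instance-b": {"tcp-443": True, "icmp": False},
    "instance-c": {"tcp-443": False, "icmp": False},  # e.g. terminated
}

if __name__ == "__main__":
    result = evaluate(PARENT, MEMBERS, PROBES)
    print(result, unverified(result))
```

The same probe results give different answers for instance-a and instance-b because of OR versus AND, while instance-c stays available even though every probe would fail.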
