AWS Administration Guide

Configuring FortiGate-VM load balancer using dynamic address objects
FortiOS supports using dynamic firewall addresses as real servers in a virtual server load balancing configuration. Combined with the autoscaling group filter (see AWS SDN connector using certificates), this lets the FortiGate act as a load balancer for an autoscaling deployment in AWS. You do not need to change each real server's IP address manually when a scale-in or scale-out action occurs: FortiOS refreshes the address list from the SDN connector after each such action.

Consider a FortiGate-VM deployed on AWS and load balancing across three servers. The SDN connector configured in FortiOS resolves the server IP addresses dynamically. If a scale-in action removes one server, the load balancer updates automatically and distributes traffic across the two remaining servers.

These instructions assume the following:

  1. An AWS SDN connector is configured and up.
  2. An AWS dynamic firewall address with a filter (for example, an autoscaling group filter) is configured.

To configure a dynamic address object as a real server under virtual server load balance:

The real server options introduced in FortiOS 6.4 are set type address and set address "<object>", which let a real server reference a firewall address object (here, the dynamic address) instead of a fixed IP address.

config firewall vip
    edit "0"
        set id 0
        set uuid 0949dfbe-7512-51ea-4671-d3a706b09657
        set comment ''
        set type server-load-balance
        set extip 0.0.0.0
        set extintf "port1"
        set arp-reply enable
        set server-type http
        set nat-source-vip disable
        set gratuitous-arp-interval 0
        set http-ip-header disable
        set color 0
        set ldb-method static
        set http-redirect disable
        set persistence none
        set extport 80
        config realservers
            edit 1
                set type address
                set address "aws addresses"
                set port 8080
                set status active
                set holddown-interval 300
                set healthcheck vip
                set max-connections 0
                unset client-ip
            next
        end
        set http-multiplex disable
        set max-embryonic-connections 1000
    next
end
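The page shows only the VIP. The following is an added example, not part of the Fortinet guide, that fills in the two prerequisites the page assumes (the AWS SDN connector and the dynamic address), adds a health check monitor for the VIP so that "set healthcheck vip" on the real server actually checks something, and adds the firewall policy without which the VIP passes no traffic. The connector name "aws", the autoscaling group name "web-asg", the monitor name "http-check", the health check path, the policy name and the server-side interface port2 are assumptions; the VIP and address names match the page's configuration.

```fortios
# Added example (not from the Fortinet page). Assumed names: connector "aws",
# autoscaling group "web-asg", monitor "http-check", policy "inbound-web-lb",
# server-side interface port2. VIP "0" and address "aws addresses" are the
# objects from the page's configuration.

# 1. AWS SDN connector using the FortiGate instance's IAM role, so no static
#    access key is stored in the configuration. The role only needs read-only
#    EC2 Describe permissions; it needs no write access to anything.
config system sdn-connector
    edit "aws"
        set type aws
        set use-metadata-iam enable
        set update-interval 30
    next
end

# 2. Dynamic address resolved from the connector. Only instances that belong
#    to the named autoscaling group are returned, so a scale in/out changes
#    the resolved member list without any change to this object.
config firewall address
    edit "aws addresses"
        set type dynamic
        set sdn "aws"
        set filter "AutoScaleGroup=web-asg"
    next
end

# 3. HTTP health check. The real server on the page uses "set healthcheck vip",
#    which inherits this monitor, so an instance that stops answering is taken
#    out of rotation even before AWS replaces it.
config firewall ldb-monitor
    edit "http-check"
        set type http
        set port 8080
        set http-get "/health"
        set http-match "200 OK"
        set interval 10
        set timeout 2
        set retry 3
    next
end

config firewall vip
    edit "0"
        set monitor "http-check"
    next
end

# 4. A VIP is not reachable until a policy references it as destination.
#    "edit 0" lets FortiOS assign the next free policy ID.
config firewall policy
    edit 0
        set name "inbound-web-lb"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "0"
        set action accept
        set schedule "always"
        set service "HTTP"
        set logtraffic all
    next
end
```

To confirm the dynamic address has resolved and the real servers are healthy, run diagnose firewall dynamic list (shows the IP addresses currently backing "aws addresses") and diagnose firewall vip realserver list (shows each real server's health check status). After a scale-in or scale-out action, re-run diagnose firewall dynamic list; the member list should change within the connector's update interval without any edit to the VIP.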
