Support dynamic address objects in real servers under virtual server load balance

FortiOS supports using dynamic firewall addresses in real servers under a virtual server load balancing configuration. Combined with support for the autoscaling group filter (see Support filtering on AWS autoscaling group for dynamic address objects), this enables you to use the FortiGate as a load balancer in AWS for an autoscaling deployment. You do not need to manually change each server's IP address whenever a scale in/out action occurs, as FortiOS dynamically updates the IP addresses following each scale in/out action.

Consider a scenario where the FortiGate-VM is deployed on AWS and load balances three servers. The Fabric connector configured in FortiOS dynamically loads the server IP addresses. If a scale in action occurs, the load balancer dynamically updates to load balance to the two remaining servers.

The following instructions assume that:

  1. An AWS Fabric connector is configured and up.
  2. An AWS dynamic firewall address with a filter is configured.

To configure a dynamic address object in a real server under virtual server load balance:

CLI commands introduced in FortiOS 6.4.0 are shown bolded below.

    config firewall vip
        edit "0"
            set id 0
            set uuid 0949dfbe-7512-51ea-4671-d3a706b09657
            set comment ''
            set type server-load-balance
            set extip 0.0.0.0
            set extintf "port1"
            set arp-reply enable
            set server-type http
            set nat-source-vip disable
            set gratuitous-arp-interval 0
            set http-ip-header disable
            set color 0
            set ldb-method static
            set http-redirect disable
            set persistence none
            set extport 80
            config realservers
                edit 1
                    set type address
                    set address "aws addresses"
                    set port 8080
                    set status active
                    set holddown-interval 300
                    set healthcheck vip
                    set max-connections 0
                    unset client-ip
                next
            end
            set http-multiplex disable
            set max-embryonic-connections 1000
        next
    end
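When reviewing a FortiGate configuration, it helps to list which real servers take their backend IPs from an address object (so membership follows the AWS filter) and which use a fixed IP. The following is an added example, not Fortinet's code: it parses the CLI syntax shown above, and the function names and the second real server (`edit 2` with `set ip`) are constructed for illustration.

```python
import shlex

# Constructed sample: trimmed copy of the VIP on this page, plus a
# hypothetical fixed-IP real server (edit 2) for contrast.
SAMPLE = """
config firewall vip
    edit "0"
        set type server-load-balance
        config realservers
            edit 1
                set type address
                set address "aws addresses"
                set port 8080
            next
            edit 2
                set ip 10.0.1.20
                set port 8080
            next
        end
    next
end
"""

def parse(text):
    """Parse config/edit/set/next/end lines into nested dicts."""
    stack = [{}]
    for line in filter(str.strip, text.splitlines()):
        cmd, *args = shlex.split(line)
        if cmd == "config":    # nested table, keyed "config <path>"
            stack.append(stack[-1].setdefault("config " + " ".join(args), {}))
        elif cmd == "edit":    # table entry, keyed by its name or id
            stack.append(stack[-1].setdefault(args[0], {}))
        elif cmd in ("next", "end"):
            stack.pop()
        elif cmd == "set":     # "unset" lines carry no value and are skipped
            stack[-1][args[0]] = " ".join(args[1:])
    return stack[0]

def real_servers(text):
    """List (vip, id, source, target, port) for each load-balance real server."""
    rows = []
    for vip, v in parse(text).get("config firewall vip", {}).items():
        if v.get("type") != "server-load-balance":
            continue
        for sid, rs in v.get("config realservers", {}).items():
            dynamic = rs.get("type") == "address"
            target = rs.get("address") if dynamic else rs.get("ip")
            rows.append((vip, sid, "address-object" if dynamic else "fixed-ip", target, rs.get("port")))
    return rows
```

Each `address-object` row names a firewall address whose contents change with scale in/out actions, so the address object's filter is what determines the backends for that virtual server.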
