Fortigate FW load balancing setup

So in this video I'm going to talk about FortiGate firewall load balancing configuration, and the setup that I have for that is pretty straightforward. I've got a FortiGate firewall that's also doing load balancing. So this server, this firewall, is configured as usual with port 1 to be my management port, connected to my laptop through the virtual VNet 1 on a 192 subnet, right here, 192.168.71. And then I have port 2, that's the ingress port, with Puppy Linux and Vios 1 as clients, and this subnet is 10.1.1.x: this guy is triple one, this guy is one, and the port on the firewall is 100.

So these clients are coming in and trying to access the servers on port 3 and 4. Port 3 has two servers, Vios 2 and Vios 3; this is the segment 10 2 2 1.100, .2 and .3. So the traffic from this Puppy Linux and Vios 1 is going to hit a VIP, 10111, that gets translated to these real servers for load balancing.

Now the tricky part is, according to the documentation, it's not very clear how to configure this, so I thought I'd put it for my record and share it. When you configure the firewall for load balancing, you would not configure the VIP, you would configure the virtual servers. And in the virtual servers, in the policy, this is, no, this is good, but in the policy you would configure proxy mode, not flow mode. So let's take a look at that. Once you do this, this should be straightforward, but these are some of the things that the documentation missed out, and you have to figure them out yourself by Googling and by playing.

So your firewall is right here. The interfaces are configured: port 1 management, 10.1, 10.2 and 10.3. These are the servers, that's where the servers are sitting. Actually they're sitting on 10.2 only; 10.3 is not used in this setup. So 10.1 is the ingress port on port 2, and 10.2 is the egress port where the virtual servers are sitting.

So let's go take a look at how you configure these virtual servers. You've got to go to System, Feature Visibility, and you've got to turn on the load balancing feature before you can configure this. So load balancing, you need to turn it on. Once you do that, you would be able to see things like virtual IP and virtual servers. So you're not going to configure virtual IP, you're going to configure servers. You go to the virtual servers, give it a name. I'm using IP; here's my virtual IP, which is the same as the virtual IP here, but you don't configure the virtual IP, you just configure the virtual server, and configure the load balancing methodology, I'm using least RTT, round trip time, and your health check with pings, and two real servers that are just one and Vios 2 and 3, as per the setup.

Once that is done, you just have to go configure the policy. The policy is where you would, here's my policy, you would, this is your ingress port, egress port, all sources, and then destination is server one. Now this is not going to be visible unless you, this is flow based, right, so you have to go with proxy based instead of flow based, otherwise this is not going to be visible. So if you go flow based and then try to add, you would not be able to see the servers, the virtual servers. Right now you can, because it's already pre-configured, but let's try to delete it. Go here, delete, OK. Create new: load balancing policy one, incoming is two, outgoing is three, destination, source is all, destination needs to be virtual servers. You don't see it. You don't see virtual servers unless you go and change this to proxy based, and then go back to destination, and you'll see the virtual servers. So here's what you've got to make sure you select, otherwise your virtual servers will not be visible. Services all, and then OK.

And then when you hit, this is going on the second, first link, and this one is going to go on the second link, should be. So if you go now, that's all it takes to configure the load balancing part. Now you can go play with the virtual servers and look at how this is going to change. RTT doesn't really tell you much, but if you go and change to round robin and then go Ctrl-C, it goes to the second link, which has got a bigger latency.

So that is all I wanted to share: you do not configure virtual IPs, you only configure virtual servers for load balancing. And this is the setup that I have, where your virtual IP configured in the virtual server setup is 100 111, and you would not configure the VIPs, you would only configure virtual servers, and you will configure proxy mode in the policy and not flow mode. Hope this helps.

Channel: safteach academy
Views: 9,125
Id: vtg0Gy_i9qU
Length: 8min 12sec (492 seconds)
Published: Wed May 24 2023