Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
marcusleal
New Contributor

Problem to finish Load Balance setup

Hello all,

 

I created the Virtual Server listed bellow so I can do a simple Load Balance.

 

The interface "DMZ_PRO_LINK" is included into a zone named "DMZ_PRODUCAO".

 

The problem is when I try to create the policy to allow the traffic I only have the option to set the zone and when I set the zone the Virtual Server object "LB_VS_PORTALINTRANET" is not listed in the destination address field (dstaddr).

 

I tried the CLI and the results were the same.

 

Anybody else already tried this?

 

Any suggestion?

 

Enviroment:

FGT-311B

Cluster: 2 nodes A-P

Firmware Version: v5.0,build0292 (GA Patch 9)

Operation Mode: NAT

 

#######

config firewall vip
    edit "LB_VS_PORTALINTRANET"
        set type server-load-balance
        set extip 172.16.1.51
        set extintf "DMZ_PRO_LINK"
        set server-type http
        set monitor "HC_TCP80"
        set ldb-method weighted
        set persistence http-cookie
        set extport 80
            config realservers
                edit 1
                    set ip 192.168.10.51
                    set port 80
                next
                edit 2
                    set ip 192.168.10.50
                    set port 80
                next
            end
        set http-multiplex enable
        set http-ip-header enable
    next
end

config firewall policy
    edit 170
        set srcintf "INSIDE"
        set dstintf "DMZ_PRODUCAO"
        set srcaddr "FAPES_NET"
        set action accept
        set service "HTTP"
    next
end

UTM01 (170) # set dstaddr LB_VS_PORTALINTRANET
entry not found in datasource

value parse error before 'LB_VS_PORTALINTRANET'
Command fail. Return code -3

#######

1 REPLY 1
SCSIraidGURU
Contributor

I am working on load balancing rules with a tech. 

 

We removed WAN load balancing and are working on policy based load balancing

 

1.) Banks require single sign on (SSO) that stay on same connection for the entire session.  We are setting up policies that allow a fail over to the other WAN connection

2.) HTTP and HTTPS can load balance round robin with both connections

3.) QoS rules to allow our Barracuda backup device to throttle up and down bandwidth based on lower priority rules. 

 

Barracuda did load balancing on each policy.  You could have load balance or fail over rules on each policy.  Fortinet seems to be all or nothing with WAN load balancing.  I will report back when we are done. 

Labels
Top Kudoed Authors