Hot!Fortigate Load Balancing (HTTP Cookie)

Author
dmccosh80
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/04/05 14:58:41
  • Status: offline
2016/04/05 15:13:49 (permalink)
0

Fortigate Load Balancing (HTTP Cookie)

Hi All
 
I'm running 2 * FortiGate 300D (A-A), FW 5.2.2
We are experiencing problems with load balancing a particular Java Application.
We have a virtual server, containing 3 physical servers.
HTTP persistence via HTTP Cookie, load balance method https (Round Robin)
 
We are experiencing intermittent session problems; whereby page elements appear blank or entire blank pages. A page refresh is the only way to continue the session.
Confusingly, when we stop 2 physical servers and run with just one single physical server the problems still persist. (I had initially thought that persistence wasn't working correctly and some http requests were making their way to other physical servers)
When we remove the Virtual Server and just create a straightforward Firewall VIP we have no problems.
 
I realise that this description isn't much to go on, but if anyone has any help or ideas it would be greatly appreciated :-)
 
Regards
David
#1
emnoc
Expert Member
  • Total Posts : 5062
  • Scores: 307
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: online
Re: Fortigate Load Balancing (HTTP Cookie) 2016/04/06 09:47:57 (permalink)
0
How does your cli vip cfg looks like and have you double checked
 
 
        set http-ip-header enable
        
        set persistence http-cookie 

 
Have you ran any wireshark and validate the cookie  between the FGT and client?
 

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#2
dmccosh80
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/04/05 14:58:41
  • Status: offline
Re: Fortigate Load Balancing (HTTP Cookie) 2016/04/07 03:28:29 (permalink)
0
Hi emnoc
 
Thank you for your reply 
 
My config in the cli is as follows (I have not made any changes via the cli directly - all as a result from setting up via GUI)

edit "LB_XXXX"
set uuid 1894d1be-fbc6-51e5-3cf0-f805f222744d
set comment "Test"
set type server-load-balance
set extip xxx.xxx.xxx.xxx
set extintf "port2"
set server-type https
set monitor "TEST"
set ldb-method round-robin
set persistence http-cookie
set extport 443
config realservers
edit 1
set ip 172.xxx.xxx.50
set port 443
next
edit 2
set ip 172.xxx.xxx.51
set port 443
next
edit 3
set ip 172.xxx.xxx.52
set port 443
next
end
set ssl-mode full
set ssl-certificate "XXXX_CERT"
next
end
 
I will try your suggestion of performing a Wireshark sniff
 
Thanks Again
Regards
David
#3
marcostauber
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/06/12 13:36:32
  • Status: offline
Re: Fortigate Load Balancing (HTTP Cookie) 2018/06/13 05:28:24 (permalink)
0
I have a similar problem.
Error creating persistence.
 
set persistence http-cookie
command parse error before 'persistence'
Command fail. Return code -61
#4
echo
Silver Member
  • Total Posts : 88
  • Scores: 4
  • Reward points: 0
  • Joined: 2013/06/19 07:45:28
  • Location: Tallinn, Estonia
  • Status: offline
Re: Fortigate Load Balancing (HTTP Cookie) 2018/07/03 02:45:21 (permalink)
0
Same here, we have 1500D with 5.6.3 and this option is gone! Does anybody know about 5.6.4?
I just found out that in CLI there are much more options for LB type, but if I use HTTPS for example (set in CLI), and then edit this vip in GUI, it will change the type back to HTTP because GUI shows only 4 types and HTTPS is not listed...
#5
Jump to:
© 2018 APG vNext Commercial Version 5.5