dmccosh80
New Contributor

Fortigate Load Balancing (HTTP Cookie)

Hi All

 

I'm running 2 * FortiGate 300D (A-A), FW 5.2.2

We are experiencing problems with load balancing a particular Java Application.

We have a virtual server, containing 3 physical servers.

HTTP persistence via HTTP Cookie, load balance method https (Round Robin)

 

We are experiencing intermittent session problems, whereby page elements appear blank or entire blank pages. A page refresh is the only way to continue the session.

Confusingly, when we stop 2 physical servers and run with just one single physical server the problems still persist. (I had initially thought that persistence wasn't working correctly and some http requests were making their way to other physical servers)

When we remove the Virtual Server and just create a straightforward Firewall VIP we have no problems.

 

I realise that this description isn't much to go on, but if anyone has any help or ideas it would be greatly appreciated :)

 

Regards

David

emnoc
Esteemed Contributor III

What does your CLI VIP config look like, and have you double-checked

          set http-ip-header enable
          set persistence http-cookie

Have you run Wireshark and validated the cookie between the FGT and the client?

PCNSE 

NSE 

StrongSwan  
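
An added example (not part of the original posts and not Fortinet code) of the cookie check suggested above: it walks the HTTP headers of one client's session, exported from a decrypted capture, and flags requests that omit the persistence cookie and responses that reissue it with a new value. The cookie name `LB_PERSIST`, the host name and the sample messages are constructed assumptions; substitute the cookie name seen in your own capture.

```python
from http.cookies import SimpleCookie

# Assumption: placeholder name for the persistence cookie set by the load
# balancer. Read the real name from the Set-Cookie header in your capture.
PERSIST_COOKIE = "LB_PERSIST"

# Constructed sample: (direction, header lines) in capture order, one client.
SAMPLE = [
    ("request",  ["GET /app/ HTTP/1.1", "Host: app.example.test"]),
    ("response", ["HTTP/1.1 200 OK", "Set-Cookie: LB_PERSIST=aaa111; Path=/"]),
    ("request",  ["GET /app/main.js HTTP/1.1", "Cookie: JSESSIONID=1; LB_PERSIST=aaa111"]),
    ("response", ["HTTP/1.1 200 OK"]),
    ("request",  ["GET /app/frame HTTP/1.1", "Cookie: JSESSIONID=1"]),
    ("response", ["HTTP/1.1 200 OK", "Set-Cookie: LB_PERSIST=bbb222; Path=/"]),
]

def header_values(lines, name):
    """Return the values of every header called `name` (start line skipped)."""
    prefix = name.lower() + ":"
    return [l.split(":", 1)[1].strip() for l in lines[1:] if l.lower().startswith(prefix)]

def cookie_value(raw, name):
    """Extract one cookie's value from a Cookie or Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(raw)
    return jar[name].value if name in jar else None

def audit(messages, name=PERSIST_COOKIE):
    """List (index, problem, start line) for each break in cookie persistence."""
    findings, issued = [], None
    for idx, (direction, lines) in enumerate(messages):
        if direction == "response":
            for raw in header_values(lines, "Set-Cookie"):
                value = cookie_value(raw, name)
                if value is None:
                    continue
                if issued is not None and value != issued:
                    findings.append((idx, "reissued", lines[0]))
                issued = value
        elif issued is not None:  # request sent after the cookie was issued
            sent = [cookie_value(raw, name) for raw in header_values(lines, "Cookie")]
            sent = [v for v in sent if v is not None]
            if not sent:
                findings.append((idx, "missing", lines[0]))
            elif sent[0] != issued:
                findings.append((idx, "mismatch", lines[0]))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
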

dmccosh80

Hi emnoc

 

Thank you for your reply 

 

My config in the cli is as follows (I have not made any changes via the cli directly - all as a result from setting up via GUI)

    edit "LB_XXXX"
        set uuid 1894d1be-fbc6-51e5-3cf0-f805f222744d
        set comment "Test"
        set type server-load-balance
        set extip xxx.xxx.xxx.xxx
        set extintf "port2"
        set server-type https
        set monitor "TEST"
        set ldb-method round-robin
        set persistence http-cookie
        set extport 443
        config realservers
            edit 1
                set ip 172.xxx.xxx.50
                set port 443
            next
            edit 2
                set ip 172.xxx.xxx.51
                set port 443
            next
            edit 3
                set ip 172.xxx.xxx.52
                set port 443
            next
        end
        set ssl-mode full
        set ssl-certificate "XXXX_CERT"
    next
end

 

I will try your suggestion of performing a Wireshark sniff

 

Thanks Again

Regards

David

marcostauber

I have a similar problem. Error creating persistence.

 

    set persistence http-cookie
    command parse error before 'persistence'
    Command fail. Return code -61

echo

Same here, we have 1500D with 5.6.3 and this option is gone! Does anybody know about 5.6.4?

I just found out that in the CLI there are many more options for LB type, but if I use HTTPS for example (set in the CLI), and then edit this VIP in the GUI, it will change the type back to HTTP because the GUI shows only 4 types and HTTPS is not listed...
