Hot!Server Load Balancing - Redirect http-to-https

Author
Micheal
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/01/18 05:28:11
  • Status: offline
2018/01/18 05:45:06 (permalink)
0

Server Load Balancing - Redirect http-to-https

Hi All,
 
We want to migrate our websites from Riverbed Load Balancer, to the Fortigate 3000D Firewall.
The PoC website is configured and calling the website on https is working correctly, example: https://lnbpoc.example.com, but we want http://lnbpoc.example.com to redirect to https://lnbpoc.example.com.
 
Using the Load Balance feature with, virtual server to real server setup.
 
Is this possible on the Fortigate 3000D?
 
Kind Regards,
Micheal
#1

5 Replies Related Threads

    Markus
    Gold Member
    • Total Posts : 185
    • Scores: 18
    • Reward points: 0
    • Joined: 2015/03/19 07:30:23
    • Location: Switzerland
    • Status: offline
    Re: Server Load Balancing - Redirect http-to-https 2018/01/22 02:02:11 (permalink)
    0
    Hi Micheal

    As i know, this is not possible. You have to do this on the webserver.

    Best regards,
    Markus
    #2
    PaulW
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/01/23 02:30:24
    • Status: offline
    Re: Server Load Balancing - Redirect http-to-https 2018/01/23 02:48:13 (permalink)
    0
    Hi all,
     
    I'm trying the same things as Micheal on a 800C.
    You say do this on the webserver itself, and in my case it's done but not working.
    What did my service provider is:
     
    Untrust-> Virtual Server (services HTTP and HTTPS)
    Virtual server conf: Public IP and Virtual Server port 443
    Real server conf: Private IP port 443
     
    I cannot create another Real server with the same IP and port 80.
     
    Any idea?
    Thanks Paul
    #3
    Markus
    Gold Member
    • Total Posts : 185
    • Scores: 18
    • Reward points: 0
    • Joined: 2015/03/19 07:30:23
    • Location: Switzerland
    • Status: offline
    Re: Server Load Balancing - Redirect http-to-https 2018/01/25 03:33:22 (permalink)
    0
    Hi Paul
    Seems that this is depended on the Firmware.
    With my 60E on 5.6.3 this is possible (more than one virtual Server with same IP and different ports).
    Or maybe there is a (same) Virtual IP with existing Portforwarding configured?

    Best regards,
    Markus
    post edited by Markus - 2018/01/25 03:37:59

    Attached Image(s)

    #4
    rwpatterson
    Expert Member
    • Total Posts : 8404
    • Scores: 195
    • Reward points: 0
    • Joined: 2006/08/08 10:08:18
    • Location: Long Island, New York, USA
    • Status: offline
    Re: Server Load Balancing - Redirect http-to-https 2018/01/25 05:11:01 (permalink)
    0
    please disregard

    -Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    -4.3.19-b0694
    FWF60B
    FWF80CM (4)
    FWF81CM (2)
     
    #5
    DW_FTNT
    New Member
    • Total Posts : 7
    • Scores: 2
    • Reward points: 0
    • Joined: 2019/08/12 07:38:28
    • Status: offline
    Re: Server Load Balancing - Redirect http-to-https 2019/08/12 08:54:23 (permalink)
    0
    HTTP to HTTPS redirect was added to 6.2.1 Code
     
    you can terminate 443 on the fortigate or just pass 443 all the way to the server.
    This link shows how to terminate/offload 443 on the fortigate
    https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/304594/http-to-https-redirect-for-load-balancing
    here is a link to offloading
    https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-load-balancing-52/ldb-ssl-tls-offload.htm
     
     
    if you want to just pass 443 to the server and not terminate the session on the fortigate
    edit the vip
    "virtual-server-https"
    --->  set server-type tcp
     
    you can  redirect other ports like 8080  using http
    edit "virtual-server-http"
        set extport 80
    to
       set extport 8080
     
     
    be sure to use proxy mode
    #6
    Jump to:
    © 2019 APG vNext Commercial Version 5.5