Issue from loadbalancing server and source address

karnack
2018/05/30 02:50:14 (permalink)

Hi everyone,

I am trying to set up load balancing for syslog servers.
The load balancing itself works well, but the syslog server does not receive the addresses of the remote equipment; there is a NAT performed by the forti, so we do not know which equipment the logs come from (I see the forti address).
I thought of port forwarding to keep the source address, but then I would not be able to forward the logs to my server pool, only to a single server.
Do you know if it is possible to do this load sharing while keeping the source addresses of the customers?
#1
ericli_FTNT
Re: Issue from loadbalancing server and source address 2018/05/30 10:02:14 (permalink)
Hi, can you provide an example of your issue?
#2
emnoc
Re: Issue from loadbalancing server and source address 2018/05/30 11:00:37 (permalink)
What device is doing the SNAT? Can you eliminate the SNAT so the original SRC is presented in the syslog files?

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#3
karnack
Re: Issue from loadbalancing server and source address 2018/05/31 02:18:19 (permalink)
My equipment is a forti 1500D. Typically, my network equipment (10.10.20.x) sends syslog (UDP 514) to the configured syslog VIP (10.10.10.1); the real syslog servers, 10.10.10.2 and 10.10.10.3, receive the network logs fine, but NATed with my forti interface on the network equipment side (10.10.20.1).
#4
karnack
Re: Issue from loadbalancing server and source address 2018/05/31 02:40:51 (permalink)
The SNAT is performed by the forti even though I have no rule implemented for the network equipment. The forti presents the address of the interface of the incoming flow to my syslog servers, which is why all my syslog servers only see the address of the forti.
#5
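When the source address is rewritten before the syslog servers see it, as described in the posts above, a receiver can still attribute each message by the HOSTNAME field that RFC 3164 and RFC 5424 senders place in the syslog header. The following is an added example, not part of the original thread and not a FortiGate feature; the sample datagrams and device names are constructed, and 10.10.20.1 is the forti interface address given in the post above.

```python
import re

# Addresses the load balancer SNATs to (from the thread: the forti interface).
NAT_ADDRS = {"10.10.20.1"}

# RFC 5424: <PRI>VERSION SP TIMESTAMP SP HOSTNAME ...
RFC5424 = re.compile(r"^<(\d{1,3})>\d{1,2} \S+ (\S+) ")
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME ... (day is space-padded)
RFC3164 = re.compile(
    r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) ")

def header_hostname(payload: bytes):
    """Return the HOSTNAME field of a syslog message, or None if absent."""
    text = payload.decode("utf-8", errors="replace")
    for pattern in (RFC5424, RFC3164):
        m = pattern.match(text)
        # PRI is facility*8 + severity, so valid values are 0..191.
        # "-" is the RFC 5424 NILVALUE: the sender did not supply a hostname.
        if m and int(m.group(1)) <= 191 and m.group(2) != "-":
            return m.group(2)
    return None

def attribute(packet_src: str, payload: bytes):
    """Return (device, basis) for one received datagram."""
    if packet_src not in NAT_ADDRS:
        return packet_src, "packet-source"
    host = header_hostname(payload)
    if host is None:
        # Nothing usable in the header: keep the NAT address but flag it.
        return packet_src, "nat-address-only"
    return host, "syslog-header"  # sender-supplied, not authenticated

# Constructed sample datagrams: (UDP source seen by the server, payload).
SAMPLES = [
    ("10.10.20.1", b"<134>May 31 02:18:19 10.10.20.15 link up on port1"),
    ("10.10.20.1", b"<134>1 2018-05-31T02:18:19Z sw-core-01 ifmgr - - - link up"),
    ("10.10.20.1", b"<134>%LINK-3-UPDOWN: message without a header"),
    ("10.10.30.7", b"<134>May  5 02:18:19 host-a sent without NAT"),
]

if __name__ == "__main__":
    for src, payload in SAMPLES:
        print(src, "->", attribute(src, payload))
```

The header field is set by the sender and is not authenticated, so the `basis` value should be stored with each record to show which attributions rest on it.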
karnack
Re: Issue from loadbalancing server and source address 2018/06/08 09:05:59 (permalink)
up because no answer
#6
Markus
Re: Issue from loadbalancing server and source address 2018/06/13 05:33:02 (permalink)
Have you tried to enable "Preserve Client IP"?
#7
karnack
Re: Issue from loadbalancing server and source address 2018/06/13 07:12:26 (permalink)
"Preserve IP client": it's only available for HTTP/HTTPS load balancing.

Preserve Client IP
Select to preserve the IP address of the client in the X-Forwarded-For HTTP header. This can be useful if you want log messages on the real servers to the client’s original IP address. If this option is not selected, the header will contain the IP address of the FortiGate unit.
This option appears only if HTTP or HTTPS are selected for Type, and is available only if HTTP Multiplexing is selected.
#8
Markus
Re: Issue from loadbalancing server and source address 2018/06/13 07:16:11 (permalink)
Good to know, I did not know that. "Normal" load balancers, like F5, will preserve the client IP, no matter what load balancing is used.

Thanks for sharing.
#9