Hot!Problems setting load balancer, Firewall limitation or bad architecture?

Author
Wenel
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/10/24 00:30:09
  • Status: offline
2019/10/24 01:57:05 (permalink)
0

Problems setting load balancer, Firewall limitation or bad architecture?

Hi all,
 
I am having problems following this configuration scheme
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-load-balancing-52/ldb_examples.htm
 
The architecture of my services is a bit different, in my case the nodes (real servers) that I want to balance have redundancy in different ports and I don't know what is the correct way to configure this. For example: 10.31.101.41:443 10.31.101.41:8443 10.31.101.42:443 10.31.101.42:8443...
When I try to configure a real server over TCP and port X it does not allow me create another real server with the same IP but another different port, how can I solve this? 
Thanks in advance
post edited by Wenel - 2019/10/24 23:43:36
#1

3 Replies Related Threads

    Wenel
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/10/24 00:30:09
    • Status: offline
    Re: Problems setting load balancer, Firewall limitation or bad architecture? 2019/11/18 03:47:14 (permalink)
    0
    Can someone help me please?
    #2
    Dave Hall
    Expert Member
    • Total Posts : 1542
    • Scores: 167
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: Problems setting load balancer, Firewall limitation or bad architecture? 2019/11/18 10:17:02 (permalink)
    0
    The examples from that link appears to be setting up a VIP to point or rather listen in for a "virtual IP", the real server IPs are mapped accordingly - there is no port assignment used on the real servers IPs.  The VIPs itself specific the port(s) used.

    NSE4/FMG-VM64/FortiAnalyzer-VM/5.4/6.0 (FWF40C/FW92D/FGT200D/FGT101E)/ FAP220B/221C
    #3
    poundy
    New Member
    • Total Posts : 9
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/06/13 20:58:45
    • Status: offline
    Re: Problems setting load balancer, Firewall limitation or bad architecture? 2019/11/19 15:42:28 (permalink)
    0
    can you describe what your IP/port combinations above are representing?  Are they all equivalent end-points (all offer the same capability) or are they in some way special/different?  Remember that load balancing is intending to spread load across real servers, and you show that you only have 2x servers but each with 2x endpoints, I can understand why a second endpoint with different port may not be catered for. 
     
    But if you really wanted to do this it's likely you'd need a TAC engineer to guide you here. Personally I'd try looking at the configuration in CLI and see if there's different validations going on in than in the GUI that might get you through?
     
     
    #4
    Jump to:
    © 2019 APG vNext Commercial Version 5.5