Load Balancing - Fortinet FortiGate-7060E Handbook

Getting started with FortiGate-7000
You can restart individual modules by logging into that module's CLI and entering the execute reboot
command.

Load balancing

FortiGate-7000E session-aware load balancing (SLBC) distributes TCP, UDP, and SCTP traffic from the interface
modules to the processor modules. Traffic is load balanced based on the algorithm set by the following
command:
    config load-balance setting
        set dp-load-distribution-method {round-robin | src-ip | dst-ip | src-dst-ip | src-ip-sport | dst-ip-dport | src-dst-ip-sport-dport}
    end
Where:
round-robin Directs new requests to the next slot regardless of response time or number of connections.
src-ip traffic load is distributed across all slots according to source IP address.
dst-ip traffic load is statically distributed across all slots according to destination IP address.
src-dst-ip traffic load is distributed across all slots according to the source and destination IP addresses.
src-ip-sport traffic load is distributed across all slots according to the source IP address and source port.
dst-ip-dport traffic load is distributed across all slots according to the destination IP address and destination port.
src-dst-ip-sport-dport traffic load is distributed across all slots according to the source and destination IP address, source port, and destination port. This is the default load balance distribution method and represents true session-aware load balancing.
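
An added example, not from the Fortinet handbook: a small Python model of which packet fields each method feeds into slot selection, run over constructed sessions that all come from one source address. The SHA-256 stand-in hash and the slot numbers are assumptions for illustration; the handbook does not describe the hash the hardware uses.

```python
import hashlib
from collections import Counter

# Packet fields each dp-load-distribution-method uses, per the list above.
METHOD_FIELDS = {
    "src-ip": ("src_ip",),
    "dst-ip": ("dst_ip",),
    "src-dst-ip": ("src_ip", "dst_ip"),
    "src-ip-sport": ("src_ip", "sport"),
    "dst-ip-dport": ("dst_ip", "dport"),
    "src-dst-ip-sport-dport": ("src_ip", "dst_ip", "sport", "dport"),
}
SLOTS = (3, 4, 5, 6)  # assumed processor-module slots for this model


def distribute(method, flows, slots=SLOTS):
    """Return a Counter of new sessions per slot under one method."""
    counts = Counter({slot: 0 for slot in slots})
    for i, flow in enumerate(flows):
        if method == "round-robin":
            slot = slots[i % len(slots)]  # next slot in turn, fields ignored
        else:
            key = "|".join(str(flow[f]) for f in METHOD_FIELDS[method])
            # Stand-in hash (assumption): the real hash is not documented here.
            digest = hashlib.sha256(key.encode()).digest()
            slot = slots[int.from_bytes(digest[:4], "big") % len(slots)]
        counts[slot] += 1
    return counts


def busiest_share(method, flows):
    """Fraction of sessions that land on the most loaded slot."""
    counts = distribute(method, flows)
    return max(counts.values()) / len(flows)


# Constructed sample: 1000 sessions from one NAT address to one HTTPS server,
# differing only in source port (documentation address ranges).
FLOWS = [
    {"src_ip": "198.51.100.10", "dst_ip": "203.0.113.5",
     "sport": 1024 + i, "dport": 443}
    for i in range(1000)
]

if __name__ == "__main__":
    for method in ["round-robin", *METHOD_FIELDS]:
        print(f"{method:24} busiest slot carries {busiest_share(method, FLOWS):.0%}")
```

In this model, every method that ignores the source port places all 1000 sessions on a single slot, so one busy or abusive source is bounded by the capacity of one processor module rather than the whole chassis.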

Traffic that cannot be load balanced

Some traffic types cannot be load balanced. Traffic that cannot be load balanced is all processed by the primary
FPM module, which is usually the FPM module in slot 3. Internal to the system, this FPM module is designated as
the ELBC master. If the FPM module in slot 3 fails or is rebooted, the next FPM module becomes the primary
FPM module.
You can configure the FortiGate-7000 to send any type of traffic to the primary FPM or to other specific FPM
modules using the config load-balance flow-rule command. By default, traffic that is sent only to the
primary FPM module includes IPsec, IKE, GRE, session helper, Kerberos, BGP, RIP, IPv4 and IPv6 DHCP,
PPTP, BFD, IPv4 multicast, and IPv6 multicast. You can view the default configuration of the config
load-balance flow-rule command to see how this is all configured. For example, the following
configuration sends all IKE traffic to the primary FPM:
    config load-balance flow-rule
        edit 1
            set status enable
            set vlan 0
            set ether-type ip
            set protocol udp
            set src-l4port 500-500
            set dst-l4port 500-500
            set action forward
FortiGate-7000
Fortinet Technologies Inc.