Configuring Real Servers - Fortinet FortiGate Series Administration Manual

Firewall Load Balance

Configuring real servers

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Preserve Select to preserve the IP address of the client in the X-Forwarded-For HTTP
header. This can be useful if you require logging on the server of the client's
Client IP
original IP address. If this option is not selected, the header will contain the IP
address of the FortiGate unit.
This option appears only if HTTP or HTTS are selected for Type, and is available
only if HTTP Multiplexing is selected.
SSL Select to accelerate clients' SSL connections to the server by using the FortiGate
unit to perform SSL operations, then select which segments of the connection
Offloading
will receive SSL offloading.
• Client <-> FortiGate
Select to apply hardware accelerated SSL only to the part of the connection
between the client and the FortiGate unit. The segment between the
FortiGate unit and the server will use clear text communications. This results
in best performance, but cannot be used in failover configurations where the
failover path does not have an SSL accelerator.
• Client <-> FortiGate <-> Server
Select to apply hardware accelerated SSL to both parts of the connection: the
segment between client and the FortiGate unit, and the segment between the
FortiGate unit and the server. The segment between the FortiGate unit and
the server will use encrypted communications, but the handshakes will be
abbreviated. This results in performance which is less than the other option,
but still improved over communications without SSL acceleration, and can be
used in failover configurations where the failover path does not have an SSL
accelerator. If the server is already configured to use SSL, this also enables
SSL acceleration without requiring changes to the server's configuration.
SSL 3.0, TLS 1.0, and TLS 1.1 are supported.
SSL Offloading appears only if HTTPS or SSL are selected for Type, and only on
FortiGate models with hardware that supports SSL acceleration.
Note: Additional SSL Offloading options are available in the CLI. For more
information, see the
Certificate Select the certificate to use with SSL Offloading. The certificate key size must be
1024 or 2048 bits. 4096-bit keys are not supported.
This option appears only if HTTPS or SSL are selected for Type, and is available
only if SSL Offloading is selected.
Health Check Select which health check monitor configuration will be used to determine a
server's connectivity status.
For information on configuring health check monitors, see
check monitors" on page
Comments Any comments or notes about this virtual server.
3 Select OK.
Configure a real server to bind it to a virtual server.
To view the real server list, go to Firewall > Load Balance > Real Server.
Figure 268: Real server list
FortiGate CLI Reference.
476.
Configuring real servers
"Configuring health
Delete
Edit
475