Fortinet FortiGate Series Administration Manual page 474

Configuring virtual servers
474
Virtual Server The IP address of the virtual server. This is an IP address on the external
interface that you want to map to an address on the destination network.
IP
Virtual server Enter the external port number that you want to map to a port number on the
destination network. Sessions with this destination port are load balanced by this
Port
virtual server.
Load Balance Load balancing methods include:
Method • Static: The traffic load is spread evenly across all servers, no additional
server is required. This load balancing method provides some persistence
because all sessions from the same source address always go to the same
server. However, the distribution is stateless, so if a real server is added or
removed (or goes up or down) the distribution is changed so persistence will
be lost. Separate real servers are not required.
• Round Robin: Directs requests to the next server, and treats all servers as
equals regardless of response time or number of connections. Dead servers
or non responsive servers are avoided. A separate server is required.
• Weighted: Servers with a higher weight value will receive a larger percentage
of connections. Set the server weight when adding a server.
• First Alive: Always directs requests to the first alive real server. In this case
"first" refers to the order of the real servers in the virtual server configuration.
For example, if you add real servers A, B and C in that order, then traffic
always go to A as long as it is alive. If A goes down then traffic goes to B and
if B goes down the traffic goes to C. If A comes back up traffic goes to A. Real
servers are ordered in the virtual server configuration in the order in which
you add them, with the most recently added real server last. If you want to
change the order you must delete and re-add real servers as required.
• Least RTT: Directs requests to the server with the least round trip time. The
round trip time is determined by a Ping monitor and is defaulted to 0 if no Ping
monitors are defined.
• Least Session: Directs requests to the server that has the least number of
current connections. This method works best in environments where the
servers or other equipment you are load balancing have similar capabilities.
Persistence Configure persistence to make sure that a user is connected to the same server
every time they make a request that is part of the same session.
When you configure persistence, the FortiGate unit load balances a new session
to a real server according to the Load Balance Method. If the session has an
HTTP cookie or an SSL session ID, the FortiGate unit sends all subsequent
sessions with the same HTTP cookie or SSL session ID to the same real server.
You can configure persistence if Type is set to HTTP, HTTPS, or SSL.
• Select None for no persistence. Sessions are distributed solely according to
the Load Balance Method. Setting Load Balance Method to Static (the
default) results in behavior equivalent to persistence. See the description of
Load Balance Method for more information.
• Select HTTP Cookie so that all HTTP or HTTPS sessions with the same
HTTP session cookie are sent to the same real server. HTTP Cookie is
available if Type is set to HTTP or HTTPS. See the description of the config
firewall VIP command in the
about advanced HTTP Cookie persistence options.
• Select SSL Session ID so that all sessions with the same SSL session ID are
sent to the same real server. SSL Session ID is available if Type is set to
HTTPS or SSL.
Note: The Static load balancing method provides persistence as long as the
number of real servers does not change.
HTTP Select to use the FortiGate unit's HTTP proxy to multiplex multiple client
connections destined for the web server into a few connections between the
Multiplexing
FortiGate unit and the web server. This can improve performance by reducing
server overhead associated with establishing multiple connections. The server
must be HTTP/1.1 compliant.
This option appears only if HTTP or HTTS are selected for Type.
Note: Additional HTTP Multiplexing options are available in the CLI. For more
information, see the
FortiGate CLI Reference
FortiGate CLI Reference.
FortiGate Version 4.0 MR1 Administration Guide
Firewall Load Balance
for information
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback