HTTP and HTTPS multiplexing
For both HTTP and HTTPS load balancing you can multiplex HTTP requests and responses over a single TCP connection. HTTP multiplexing is a performance saving feature of HTTP/1.1 compliant web servers that provides the ability to pipeline many unrelated HTTP or HTTPS requests on the same connection. This allows a single HTTPD process on the server to interleave and serve multiple requests. The result is fewer idle sessions on the web server so server resources are used more efficiently. HTTP multiplexing can take multiple separate inbound sessions and multiplex them over the same internal session. This may reduce the load on the backend server and increase the overall performance.
HTTP multiplexing may improve performance in some cases. For example, if users web browsers are only compatible with HTTP 1.0. HTTP multiplexing can also improve performance between a web server and the FortiGate unit if the FortiGate unit is performing SSL acceleration. However, in most cases HTTP multiplexing should only be used if enabling it leads to a measurable improvement in performance.
To enable HTTP multiplexing from the web-based manager, select multiplex HTTP requests/responses over a single TCP connection. To enable HTTP multiplexing from the CLI enable the
Preserving the client IP address
Select preserve client IP from the GUI or enable the
http-ip-header option from the CLI to preserve the IP address of the client in the
X-Forwarded-For HTTP header. This can be useful in an HTTP multiplexing configuration if you want to be able to see the original client IP address in log messages on the destination web server. If this option is not selected, the
X-Forwarded-For HTTP header contains the IP address of the FortiGate unit.
Preserving the client IP address in a different HTTP header
If you select preserve client IP from the web-based manager or enable the
http-ip-header option from the CLI you can also preserve the client IP in a different HTTP header. This can be useful if you want to use a custom header name instead of
You can add the custom header name from the CLI. When
http-ip-header is enabled you can add a custom header name to the
http-ip-header-name option. If you don’t add a name the
X-Forwarded-For header is used.