Add real servers to a load balancing virtual server to provide the information the virtual server requires to be able to send sessions to the server. A real server configuration includes the IP address of the real server and port number that the real server receives sessions on. The FortiGate unit sends sessions to the real server’s IP address using the destination port number in the real server configuration.
When configuring a real server you can also specify the weight (used if the load balance method is set to weighted) and you can limit the maximum number of open connections between the FortiGate unit and the real server. If the maximum number of connections is reached for the real server, the FortiGate unit will automatically switch all further connection requests to other real servers until the connection number drops below the specified limit. Setting Maximum Connections to 0 means that the FortiGate unit does not limit the number of connections to the real server.
Real server active, standby, and disabled modes
By default the real server mode setting is active, indicating that the real server is available to receive connections. If the real server is removed from the network (for example, for routine maintenance or because of a hardware or software failure) you can change the mode to standby or disabled. In disabled mode the FortiGate unit no longer sends sessions to the real server.
If a real server is in standby mode the FortiGate also does not send sessions to it unless other real servers added to the same virtual server become unavailable. For example:
- A virtual server includes two real servers, one in active mode and one in standby mode. If the real server in active mode fails, the real server in standby mode is changed to active mode and all sessions are sent to this real server.
- A virtual server includes three real servers, two in active mode and one in standby mode. If one of the real servers in active mode fails, the real server in standby mode is changed to active mode and sessions are load balanced between it and the still operating real server. If both real servers in active mode fail, all sessions are sent to the real server in standby mode.
Adding real servers from the web-based manager
To add a real server from the web-based manager go to Policy & Objects > Real Servers.
Select the virtual server that will send sessions to this real server.
Enter the IP address of the real server.
Enter the port number on the destination network to which the external port number is mapped.
Enter the weight value of the real server. The higher the weight value, the higher the percentage of connections the server will handle. A range of 1‑255 can be used. This option is available only if the associated virtual server’s load balance method is Weighted.
Enter the limit on the number of active connections directed to a real server. A range of 1-99999 can be used. If the maximum number of connections is reached for the real server, the FortiGate unit will automatically switch all further connection requests to another server until the connection number drops below the specified limit.
Setting Maximum Connections to 0 means that the FortiGate unit does not limit the number of connections to the real server.
Enter the HTTP header for load balancing across multiple real servers. This feature is used for load balancing HTTP host connections across multiple real servers using the host’s HTTP header to guide the connection to the correct real server, providing better load balancing for those specific connections.
Select a mode for the real server.
Adding real servers from the CLI
To add a real server from the CLI you configure a virtual server and add real servers to it. The following example adds three real servers to a virtual server that load balances UDP sessions on port 8190 using weighted load balancing. For each real server the port is not changed. The default real server port is 0, resulting in the traffic being sent to the real server with destination port 8190. Each real server is given a different weight. Servers with higher weights have a max-connections limit to prevent too many sessions from being sent to them.
config firewall vip
    edit <virtual_server_name>
        set type server-load-balance
        set server-type udp
        set ldb-method weighted
        set extip 172.20.120.30
        set extintf wan1
        set extport 8190
        set monitor ping-mon-1
        config realservers
            edit 1
                set ip 10.31.101.30
                set weight 100
                set max-connections 10000
            next
            edit 2
                set ip 10.31.101.40
                set weight 100
                set max-connections 10000
            next
            edit 3
                set ip 10.31.101.50
                set weight 10
            next
        end
    next
end
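The standby rules and the Maximum Connections limit described above, modelled as a short Python example. It is added here for illustration and is not FortiOS code: the RealServer class, the alive flag, promoting standby servers whenever any active-mode server has failed, and splitting sessions in proportion to weight are assumptions drawn from the text.

```python
from dataclasses import dataclass

@dataclass
class RealServer:              # hypothetical model, not a FortiOS object
    ip: str
    mode: str = "active"       # "active", "standby" or "disabled"
    alive: bool = True         # health-check result (assumed input)
    weight: int = 1
    max_connections: int = 0   # 0 means no limit
    open_connections: int = 0

def eligible(servers):
    """Real servers that may receive the next session."""
    active = [s for s in servers if s.mode == "active"]
    # Assumption: standby servers are promoted once any active-mode server fails.
    promote = any(not s.alive for s in active)
    pool = []
    for s in servers:
        if s.mode == "disabled" or not s.alive:
            continue
        if s.mode == "standby" and not promote:
            continue
        if s.max_connections and s.open_connections >= s.max_connections:
            continue           # skipped until its connection count drops
        pool.append(s)
    return pool

def weighted_share(servers):
    """Fraction of new sessions per eligible server (assumed proportional to weight)."""
    pool = eligible(servers)
    total = sum(s.weight for s in pool)
    return {s.ip: s.weight / total for s in pool} if total else {}

if __name__ == "__main__":
    # Values from the CLI example above; connection counts are constructed.
    farm = [RealServer("10.31.101.30", weight=100, max_connections=10000),
            RealServer("10.31.101.40", weight=100, max_connections=10000),
            RealServer("10.31.101.50", weight=10)]
    print(weighted_share(farm))
    farm[0].open_connections = farm[1].open_connections = 10000
    print(weighted_share(farm))   # only the uncapped server remains eligible
```

With both weight-100 servers at their limit, every new session in this model goes to the weight-10 server, which has no limit of its own, so the capacity of the lowest-weight server matters when the others are capped.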