Introduction: Architecture
FortiADC supports network, server, and application firewall capabilities to protect against denial-of-service and malformed-packet attacks. These appliances provide a rich set of layer 4 and layer 7 firewall policies that can be layered on top of each other for more comprehensive security.
A basic FortiADC device connection topology is shown in Figure 1.
Figure 1: Basic topology
Traffic can be balanced across multiple back-end servers using a choice of load balancing methods, including round robin, shortest response time, or least connections. The device can balance layer 7 HTTP, HTTPS, and SSL traffic as well as generic layer 4 TCP and UDP traffic. Session persistence is supported based on injected HTTP/HTTPS cookies or the SSL session ID.
Real servers can be bound to virtual servers. The real server topology is transparent to end users, who interact with the system as if it were a single server with the IP address and port number of the virtual server. The real servers may be interconnected by a high-speed LAN or by a geographically dispersed WAN. The FortiADC appliance schedules requests to the real servers and makes the parallel services of the virtual server appear to involve a single IP address.
There are additional benefits to load balancing. First, because the load is distributed across multiple servers, the service being provided can be highly available. If one of the servers breaks down, the load can still be handled by the other servers. Second, load balancing increases scalability. If the load increases substantially, more servers can be added behind the FortiADC appliance to cope with the increased load.
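The scheduling, cookie persistence and failover behaviour described above can be modelled in a few lines. This is an added illustration, not FortiADC code or configuration: the class names, the method strings and the choice of an opaque random cookie value (so the cookie does not disclose the real server topology) are assumptions of the example.

```python
import itertools
import secrets
from dataclasses import dataclass

@dataclass
class RealServer:              # hypothetical model of one back-end server
    name: str
    up: bool = True
    active: int = 0            # open connections
    rtt_ms: float = 1.0        # last measured response time

class VirtualServer:           # hypothetical model of one virtual IP:port
    def __init__(self, servers, method="round_robin"):
        self.servers, self.method = servers, method
        self._rr = itertools.cycle(servers)
        self._sessions = {}    # opaque cookie value -> real server

    def _schedule(self):
        live = [s for s in self.servers if s.up]
        if not live:
            raise RuntimeError("no real server available")
        if self.method == "least_connections":
            return min(live, key=lambda s: s.active)
        if self.method == "shortest_response_time":
            return min(live, key=lambda s: s.rtt_ms)
        return next(s for s in self._rr if s.up)   # round robin, skipping down servers

    def handle(self, cookie=None):
        """Return (real server name, persistence cookie) for one request."""
        server = self._sessions.get(cookie)
        if server is None or not server.up:        # new, unknown or orphaned session
            server = self._schedule()
            cookie = secrets.token_hex(16)         # injected cookie; reveals no server name
            self._sessions[cookie] = server
        server.active += 1
        return server.name, cookie
```

A cookie value the model did not issue is treated like a new session, so a client cannot pin itself to a chosen real server by guessing names.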