Most contexts in the CLI correspond to an FortiADC object -- servers, server instances, server pools, clusters, match rules, responders, CRLs, certificates. The following diagram shows the relationships among these objects.
On FortiADC, a server corresponds to a real server hosting an application behind FortiADC. Each server has an IP address that FortiADC uses to send client requests to the server. This IP address is sometimes called a “real IP” because it corresponds to a real server.
A server must be assigned to a server pool before it can be associated with a cluster. When you assign a server to a server pool, you create a server instance of that server in the server pool. The server instance definition specifies operating parameters for the real server that are effective only within that server pool. This allows you the flexibility to associate a single physical server with multiple server pools, and set different server instance options within each server pool.
A server pool in turn is assigned to a cluster. Client requests are sent to a cluster IP address (often called a “virtual IP”) assigned to FortiADC and then routed to the server pool instance selected by the load balancing algorithm and other options. In all clusters, a server pool is assigned directly to the cluster. For Layer 7 clusters, additional alternate server pools, as well as other objects and options, can be assigned to one or more match rules.
A match rule is processed before cluster settings are processed, and behaves like an if-then statement: if a client request’s content matches the conditional expression set in the match rule, then the options and objects specified in the match rule are used. If the expression in the match rule is not matched by the client request, then the next match rule is processed. If all match rules defined in the cluster are processed and none of them match the incoming request, then the objects and options set on the cluster are used to process the request.
The objects that can be selected by match rules include server pools, responders (used when no servers in a server pool are available), SSL certificates, and certificate revocation lists (CRLs). Many cluster options can also be specified in a match rule, including persistence settings and load balancing policy.
Supported operations on all objects are explained in Context Command Summaries.
Related Topics