Packets from the server are not being routed back through ADC
Log on to the server(s) and check the routing tables. Perform a traceroute
(or tracert
on Windows) from the server to the client. Adjust route until the ADCs address shows up in the traceroute output.
|
All packets sent from the server back to clients must pass through the ADC on the way back to the client unless the spoof cluster option is disabled, or Direct Server Return (DSR) is configured.
|
Test client is on the same network as the servers
If the test client is on the same network as the servers, the servers will probably try to send data packets directly to the client, bypassing the ADC. You can correct this by adding host routes on the servers so that the servers send their reply packets back to the client through the ADC.
No active servers in the virtual cluster
Possible solutions:
- Check the cluster configuration: Is a server pool assigned to the cluster? Are there server instances in the server pool and are they all marked UP?
- Log onto one of the servers and run the netstat command. If the netstat output shows connections in the SYN-RCVD state, the server is not forwarding its reply packets.
The ADC is not active
Try to ping one of the configured subnet IP addresses. If you do not get a response, “FortiADC Doesn’t Respond to Pings to the Admin Address” provides additional troubleshooting information.