Introduction
Features
Basic network topology
Scope
What’s New
Key Concepts and Features
Server load balancing
Link load balancing
Global load balancing
SSL offloading
Compression
Caching
Security
Virtual domains
High availability
Getting Started
Step 1: Install the appliance
Step 2: Configure the management interface
Step 3: Configure basic network settings
Step 4: Test connectivity to destination servers
Step 5: Complete product registration, licensing, and upgrades
Step 6: Configure a basic server load balancing policy
Step 7: Test the deployment
Step 8: Back up the configuration
Server Load Balancing
Server load balancing basics
Server load balancing configuration overview
Configuring health checks
Configuring pools of real servers
Configuring source pool
Configuring persistence rules
Configuring content routes
Configuring content rewriting
Configuring compression rules
Configuring caching rules
Configuring profiles
Configuring error pages
Configuring methods
Configuring virtual servers
Link Load Balancing
Link load balancing basics
Using link groups
Using virtual tunnels
Link load balancing configuration overview
Configuring health check rules
Configuring gateway links
Configuring persistence rules
Configuring proximity route settings
Configuring a link group
Configuring a virtual tunnel group
Configuring link policies
Global Load Balancing
Global load balancing basics
Global DNS configuration overview
Configuring an address group
Configuring remote DNS servers
Configuring the DSSET info list
Configuring the global pool
Configuring DNS zones
Configuring DNS64
Configuring the response rate limit
Configuring a Global DNS policy
Configuring general settings
Configuring the trust anchor key
Security Features
Security features basics
Security features configuration overview
Configuring a firewall policy
Configuring the security connection limit
Managing IP reputation policy settings
Enabling denial of service protection
Using Shared Resources
Creating schedule groups
Creating IP address objects
Creating service objects
Networking
Configuring network interfaces
Using physical interfaces
Using VLAN interfaces
Using aggregate interfaces
Configuring network interfaces
Configuring static routes
Configuring policy routes
System Management
Configuring basic system settings
Configuring system time
Backing up and restoring the configuration
Upgrading firmware
Upgrade considerations
Upgrading firmware using the web UI
Upgrading firmware using the CLI
Configuring FortiGuard service settings
Configuring an SMTP mail server
Managing administrator users
Administrator user overview
Configuring access profiles
Creating administrator users
Creating a RADIUS authentication server configuration
Creating an LDAP server configuration
Configuring SNMP
Using certificates
Overview
Prerequisite tasks
Downloading the CA certificate from a backend server
Managing local certificates
Importing a local certificate
Generating a CSR
Creating a local certificate group
Importing a CA
Creating a CA group
Importing an Intermediate CA
Creating an Intermediate CA group
Using OCSP
Using CRLs
Configuring a certificate validator
Rebooting, resetting, and shutting down the system
Logging and Reporting
Using the system dashboard
Configuring local log settings
Configuring syslog settings
Configuring high speed logging
Configuring alert email settings
Using the event log
Using the security log
Using the traffic log
Downloading logs
Using reports
Using the Overall report
Using the Server Load Balance report
Using the Link Load Balance report
Using the Global Load Balance report
Using the Security report
High Availability Deployments
HA feature overview
HA system requirements
HA synchronization
Configuring HA settings
Monitoring an HA cluster
Updating firmware on an HA cluster
Deploying an active-passive cluster
Overview
Basic steps
Best practice tips
Deploying an active-active cluster
Configuration overview
Limitations
Basic steps
Expected behavior
Traffic to Layer 4 virtual servers
Traffic to Layer 7 virtual servers
Traffic processed by firewall rules
Best practice tips
Virtual Domains
Virtual domains basics
Enabling the virtual domain feature
Creating virtual domains
Assigning network interfaces and administrators to virtual domains
Disabling virtual domains
Advanced Networking
Configuring NAT
Configuring SNAT
Configuring 1-to-1 NAT
Configuring QoS
Configuring the QoS queue
Configuring the QoS filter
Configuring OSPF
TCP multiplexing
Best Practices and Fine Tuning
Regular backups
Security
Topology
Administrator access
Performance
System performance
Logging performance
Report performance
Packet capture performance
High availability
Troubleshooting
Logs
Tools
execute commands
execute commands example: ping and traceroute
execute command example: tcpdump
diagnose commands
diagnose command example: packet sniffer
Diff
Solutions by issue type
Login issues
Connectivity issues
Checking hardware connections
Checking routing
Testing for connectivity with ping
Testing routes & latency with traceroute
Examining the routing table
Examining server daemons
Checking port assignments
Performing a packet trace
Checking the SSL/TLS handshake & encryption
Resource issues
Monitoring traffic load
Preparing for DoS attacks
Resetting the configuration
Restoring firmware (“clean install”)
Additional resources
Appendix A: Fortinet MIB
Appendix B: Port Numbers
Appendix C: Maximum Configuration Values
Appendix C: Maximum Configuration Values
slb_health_check
slb_pool
ippool
slb_persistence
content_routing
content_rewriting
compression
caching
profile
error_page
slb-method
virtual_server
llb_health_check
gateway
llb_persistence
proximity_route
link_group
virtual_tunnel
llb_policy
glb_address_group
remote_dns_server
dsset_info_list
load_balance_pool
zone
dns64
response_rate_limit
glb_policy
general
trust_anchor_key
firewall_policy
connlimit
reputation
dos_prevention
schedule_group
address_group
service_group
interface
routing_static
routing_policy
basic
maintenance
services
admin
accprofile
radius
ldap
snmp
local_cert
local_cert_group
ca
ca_group
intermediate_ca
intermediate_ca_group
oscp
crl
verify_cert
status
log_local
log_remote
log_highspeed
alert
log_event
log_attack
log_traffic
log_download
report_all
report_slb
report_llb
report_glb
report_attack
ha
vdom
nat_snat
nat_vip
qos_queue
qos_filter
ospf
tcpdump