Predefined | Description |
LB_PERSIS_SIP | Persistence based on IP address or subnet. The system selects the backend server for a client IP’s first request using the method specified in the virtual server configuration and then stores the relationship between client IP and server in a table. It uses the mapping in the table to forward subsequent requests from the same IP address or subnet to the same backend server. |
LB_PERSIS_CONSISTENT_SIP | Persistence based on a hash of source IP. The system uses an algorithm to calculate a hash value for the IP address of the client making an initial request. It then maps this value to the selected backend server and uses the mapping table to forward subsequent requests that generate the same hash value to the same backend server. |
LB_PERSIS_HASH_SRC_ADDR_PORT | Persistence based on a hash that includes source IP and port. The system uses an algorithm to calculate a hash value for the IP address and port of an initial client request. It then maps this value to the selected backend server and uses the mapping table to forward subsequent requests that generate the same hash value to the same backend server. |
LB_PERSIS_HASH_COOKIE | Persistence based on a cookie provided by the backend server. The system uses an algorithm to calculate a hash value for the cookie provided by the backend server. It then maps this value to the selected backend server and uses the mapping table to forward subsequent requests that generate the same hash value to the same backend server. |
LB_PERSIS_SSL_SESS_ID | Persistence based on the SSL session ID. If the initial client request has an SSL session ID, the system sends all subsequent sessions with the same SSL session ID to the same backend server. |
You can clone a predefined configuration object to help you get started with a user-defined configuration. To clone a configuration object, click the clone icon that appears in the tools column on the configuration summary page.
Settings | Guidelines |
Name | Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the virtual server configuration. Note: After you initially save the configuration, you cannot edit the name. |
Source Address | |
Source Address | Persistence is based on source IP address. The system selects the backend server for a client’s first request using the method specified in the virtual server configuration and then stores the relationship between the client IP address and the selected backend server in a table. It uses the mapping table to forward subsequent requests from the client IP address to the same backend server. |
Timeout | Server-side session timeout. Specifies the maximum amount of time between requests. That is, when the time that has elapsed since the system last received a request from the client IP is greater than the timeout, the system does not use the mapping table to forward the request. Instead, it again selects the server using the method specified in the virtual server configuration. |
Subnet Mask Bits (IPv4) | Number of bits in a subnet mask to specify a network segment that should follow the persistence rule. For example, if IPv4 maskbits is set to 24, and the backend server A responds to a client with the source IP 192.168.1.100, server A also responds to all clients from subnet 192.168.1.0/24. |
Subnet Mask Bits (IPv6) | Number of bits in a subnet mask to specify a network segment that should follow the persistence rule. |
Match Across Servers | Enable so clients continue to access the same backend server through different virtual servers for the duration of a session. For example, a client session with a vSphere 6.0 Platform Services Controller (PSC) has connections on the following ports: 443, 389, 636, 2012, 2014, 2020. A FortiADC deployment to load balance a cluster of vSphere PSCs includes Layer 4 virtual server configurations for each of these ports. To ensure a client’s connections for a session go to the same backend real server: 1. Create a persistence object based on Source Address affinity and select the Match Across Servers option. 2. Select this persistence object in each of the Layer 4 virtual servers configured to load balance the vSphere PSC pool. 3. Select the same real server pool object in each of the Layer 4 virtual servers configured to load balance the vSphere PSC pool. When these options are enabled, FortiADC dispatches the initial connection to a real server destination (for example, RS1) based on the virtual server’s load balancing method, and the persistence object is noted in the connection table. Subsequent connection attempts with the same source IP address to any FortiADC virtual server that has this persistence object and real server pool are dispatched to RS1, as long as the session is active. Note: In the Layer 4 virtual server configuration, you specify a packet forwarding method. You can use Source Address persistence with Match Across Servers with any combination of Direct Routing, DNAT, and Full NAT packet forwarding methods. However, with NAT46 and NAT64 packet forwarding methods, the source address type is different from the real server address type. To use Match Across Servers with NAT46 or NAT64, all virtual servers for the application must be configured with the same packet forwarding method: all NAT46 or all NAT64. |
Source Address Hash | |
Source Address Hash | Persistence is based on a hash of the IP address of the client making an initial request. |
Source Address-Port Hash | |
Source Address-Port Hash | Persistence is based on a hash of the IP address and port of an initial client request. |
HTTP Header Hash | |
HTTP Header Hash | Persistence is based on a hash of the specified header value found in an initial client request. |
Keyword | A value found in an HTTP header. |
HTTP Request Hash | |
HTTP Request Hash | Persistence is based on a hash of the specified URL parameter in an initial client request. |
Keyword | A URL parameter. |
Cookie Hash | |
Cookie Hash | Persistence is based on a hash of the cookie provided by the backend server. |
Persistent Cookie | |
Persistent Cookie | Persistence is based on the cookie provided in the backend server response. It forwards subsequent requests with this cookie to the original backend server. |
Keyword | Backend server cookie name. |
Timeout | Server-side session timeout. Specifies the maximum amount of time between requests. That is, when the time that has elapsed since the system last received a request with the cookie is greater than the number of seconds specified by the timeout, it does not forward the request based on the cookie. Instead, it again selects the server using the method specified in the virtual server configuration. |
Insert Cookie | |
Insert Cookie | Persistence is based on a cookie inserted by the FortiADC system. The system inserts a cookie whose name is the value specified by Keyword and whose value is the real server pool member Cookie value and expiration date (if the client does not already have a cookie). For example, if the value of Keyword is sessid and the real server pool member Cookie value is rs1, FortiADC sends the cookie sessid=rs1|U6iFN to the client, where U6iFN is the expiration date as a base64 encoded string. |
Keyword | Specifies the cookie name. |
Timeout | Server-side session timeout. Specifies the maximum amount of time between requests. That is, when the time that has elapsed since the system inserted the cookie is greater than the number of seconds specified by Timeout, it does not forward the request based on the cookie. Instead, it again selects the server using the method specified in the virtual server configuration. |
Rewrite Cookie | |
Rewrite Cookie | Persistence is based on the cookie provided in the backend server response, but the system rewrites the cookie. The system checks the HTTP response for a Set-Cookie: value that matches the value specified by Keyword. It replaces the keyword value with the real server pool member Cookie value. For example, the value of Keyword in the persistence configuration is sessid. The real server pool member Cookie value is rs1. After an initial client request, the response from the server contains Set-Cookie: sessid=666, which FortiADC changes to Set-Cookie: sessid=rs1. FortiADC uses this rewritten value to forward subsequent requests to the same backend server as the original request. |
Keyword | Specifies a Set-Cookie: value to match. |
Embedded Cookie | |
Embedded Cookie | Persistence is based on the cookie provided in the backend server response. Like Rewrite Cookie, the system checks the HTTP response for a Set-Cookie: value that matches the value specified by Keyword in the persistence configuration. However, it preserves the original value and adds the real server pool member Cookie value and a ~ (tilde) as a prefix. For example, the value of Keyword is sessid. The real server pool member Cookie value is rs1. After an initial client request, the response from the server contains Set-Cookie: sessid=666, which the system changes to Set-Cookie: sessid=rs1~666. It uses this rewritten value to forward subsequent requests to the same backend server as the original request. |
Keyword | Specifies a Set-Cookie: value to match. |
RADIUS Attribute | |
RADIUS Attribute | Persistence is based on a specified RADIUS attribute. The system selects the backend server for a client IP’s first request using the method specified in the virtual server configuration and then stores the relationship between the value of the specified RADIUS attribute and the backend server in a table. It uses the mapping in the table to forward subsequent requests with the attribute value to the same backend server. |
Keyword | RADIUS attribute. |
Timeout | Server-side session timeout. Specifies the maximum amount of time between requests. That is, when the time that has elapsed since the system last received a request with the specified attribute value is greater than the number of seconds specified by Timeout, the system does not use the mapping table to forward the request. Instead, it again selects the server using the method specified in the virtual server configuration. |
Match Across Servers | Enable so clients continue to access the same backend server through different virtual servers for the duration of a session. |
SSL Session ID | |
SSL Session ID | Persistence is based on SSL session ID. If the initial client request has an SSL session ID, the system sends all subsequent sessions with the same SSL session ID to the same backend server. |
Timeout | Server-side session timeout. Specifies the maximum amount of time between requests. That is, when the time that has elapsed since the system last received a request with the SSL session ID is greater than the number of seconds specified by Timeout, the system does not use the mapping table to forward the request. Instead, it again selects the server using the load balancing method. |
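The Source Address settings above (Timeout, Subnet Mask Bits, Match Across Servers) can be modelled as a small mapping table. This is an added example, not FortiADC code: the class, the virtual server names (`vs-443` and so on), the 300-second timeout and the round-robin selection are assumptions, and the request list is constructed.

```python
import ipaddress
from itertools import cycle


class SourceAddressPersistence:
    """Toy model of a Source Address persistence object (not FortiADC code)."""

    def __init__(self, timeout, mask_bits_v4=32, mask_bits_v6=128,
                 match_across_servers=False):
        self.timeout = timeout
        self.mask_bits = {4: mask_bits_v4, 6: mask_bits_v6}
        self.match_across_servers = match_across_servers
        self.table = {}  # key -> (server, time of last request)

    def dispatch(self, virtual_server, client_ip, now, pick_server):
        addr = ipaddress.ip_address(client_ip)
        # Subnet Mask Bits: every client in the same network shares one entry.
        net = ipaddress.ip_network(f"{addr}/{self.mask_bits[addr.version]}",
                                   strict=False)
        # Match Across Servers: the entry is shared by all virtual servers
        # that reference this object; otherwise it is kept per virtual server.
        key = net if self.match_across_servers else (virtual_server, net)
        entry = self.table.get(key)
        if entry is not None and now - entry[1] <= self.timeout:
            server = entry[0]          # still within Timeout: reuse mapping
        else:
            server = pick_server()     # expired or new: use the LB method
        self.table[key] = (server, now)
        return server


def demo(match_across_servers):
    pool = cycle(["RS1", "RS2", "RS3"])   # round robin stands in for the LB method
    obj = SourceAddressPersistence(timeout=300, mask_bits_v4=24,
                                   match_across_servers=match_across_servers)
    pick = lambda: next(pool)
    # Constructed requests: (virtual server, client IP, time in seconds)
    requests = [("vs-443", "192.168.1.100", 0),
                ("vs-389", "192.168.1.100", 10),
                ("vs-636", "192.168.1.7", 20),
                ("vs-443", "192.168.2.5", 30),
                ("vs-443", "192.168.1.100", 400)]
    return [obj.dispatch(vs, ip, t, pick) for vs, ip, t in requests]


if __name__ == "__main__":
    print(demo(True))
    print(demo(False))
```

With a 24-bit mask, every client in 192.168.1.0/24 (for example, all users behind one NAT gateway) shares a single table entry and therefore a single backend server, which is worth weighing when sizing the mask.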
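The three cookie formats described under Insert Cookie, Rewrite Cookie and Embedded Cookie, side by side, using the page's own values (`sessid`, `rs1`, `666`, `U6iFN`). This is an added example, not FortiADC code: the function names are hypothetical, the expiration string is treated as opaque, and returning no match for a value that names no known pool member is an assumption of this model.

```python
def insert_cookie(keyword, member, expiry_b64):
    """Insert Cookie: <keyword>=<member cookie value>|<base64 expiration>."""
    return f"{keyword}={member}|{expiry_b64}"


def rewrite_set_cookie(header_value, keyword, member, embedded=False):
    """Transform the value of a backend Set-Cookie header.

    Rewrite Cookie replaces the backend's value with the member value;
    Embedded Cookie keeps it and prefixes '<member>~'.
    """
    pair, sep, attrs = header_value.partition(";")
    name, eq, value = pair.strip().partition("=")
    if name != keyword or not eq:
        return header_value            # cookie name does not match Keyword
    new_value = f"{member}~{value}" if embedded else member
    return f"{name}={new_value}{sep}{attrs}"


def member_from_cookie(cookie_header, keyword, mode, known_members):
    """Recover the pool member named in a client Cookie header, or None."""
    separators = {"insert": "|", "embedded": "~", "rewrite": None}
    if mode not in separators:
        raise ValueError(f"unknown mode: {mode}")
    for part in cookie_header.split(";"):
        name, eq, value = part.strip().partition("=")
        if name != keyword or not eq:
            continue
        sep = separators[mode]
        member = value.split(sep, 1)[0] if sep else value
        # Assumption: a value that names no pool member is ignored, so the
        # request would fall back to the load balancing method.
        return member if member in known_members else None
    return None


if __name__ == "__main__":
    print(insert_cookie("sessid", "rs1", "U6iFN"))
    print(rewrite_set_cookie("sessid=666", "sessid", "rs1"))
    print(rewrite_set_cookie("sessid=666", "sessid", "rs1", embedded=True))
    print(member_from_cookie("lang=en; sessid=rs1~666", "sessid",
                             "embedded", {"rs1", "rs2"}))
```

In all three modes the pool member Cookie value travels to the client in clear text, so member values such as `rs1` are visible to anyone who can read the cookie.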