CLI configuration
Use the following procedure to configure this load balancing setup from the CLI.
To configure HTTP load balancing
1. Use the following command to add an HTTP health check monitor that sends get requests to http://<real_server_IP_address>/index.html and searches the returned web page for the phrase “Fortinet products”.
config firewall ldb-monitor
edit HTTP_health_chk_1
set type http
set port 80
set http-get /index.html
set http-match “Fortinet products”
set interval 10
set timeout 2
set retry 3
end
2. Use the following command to add an HTTP virtual server that allows users on the Internet to connect to the real servers on the internal network. In this example, the FortiGate wan1 interface is connected to the Internet.
config firewall vip
edit Load-Bal_VS1
set type server-load-balance
set server-type http
set ldb-method first-alive
set http-multiplex enable
set http-ip-header enable
set extip 192.168.37.4
set extintf wan1
set extport 80
set persistence http-cookie
set monitor HTTP_health_chk_1
config realservers
edit 1
set ip 10.10.10.42
set port 80
next
edit 2
set ip 10.10.10.43
set port 80
next
edit 3
set ip 10.10.10.44
set port 80
end
end
3. Use the following command to add a security policy that includes the load balance virtual server as the destination address.
config firewall policy
edit 0
set srcintf wan1
set srcaddr all
set dstintf dmz1
set dstaddr Load-Bal_VS1
set action accept
set schedule always
set service ALL
set nat enable
end
Configure other security policy settings as required.