Web-based manager configuration

Chapter 12 Load Balancing for FortiOS 5.0 : Load balancing configuration examples : Example: Weighted load balancing configuration : Web-based manager configuration

Use the following procedures to configure this load balancing setup from the web‑based manager.

To add the HTTP virtual server

1. Go to Firewall Objects > Load Balance > Virtual Server.

2. Select Create New.

3. Add an IP virtual server that allows users on the Internet to connect to the real servers on the internal network. In this example, the FortiGate port2 interface is connected to the Internet.


Name	HTTP_weghted_LB
Type	IP
Interface	port2
Virtual Server IP	192.168.20.20
Load Balance Method	Weighted

All other virtual server settings are not required or cannot be changed.

4. Select OK.

To add the real servers and associate them with the virtual server

1. Go to Firewall Objects > Load Balance > Real Server.

2. Select Create New.

3. Configure three real servers that include the virtual server All_Load _Balance. Because the Load Balancing Method is Weighted, each real server includes a weight. Servers with a greater weight receive a greater proportion of forwarded connections,

Configuration for the first real server.


Virtual Server	HTTP_weghted_LB
IP Address	10.10.10.1
Port	Cannot be configured because the virtual server is an IP server.
Weight	1
Maximum Connections	0 Setting Maximum Connections to 0 means the FortiGate unit does not limit the number of connections to the real server. Since the virtual server uses First Alive load balancing you may want to limit the number of connections to each real server to limit the traffic received by each server. In this example, the Maximum Connections is initially set to 0 but can be adjusted later if the real servers are getting too much traffic.

Configuration for the second real server.


Virtual Server	HTTP_weghted_LB
IP Address	10.10.10.2
Port	Cannot be configured because the virtual server is an IP server.
Weight	2
Maximum Connections	0 Setting Maximum Connections to 0 means the FortiGate unit does not limit the number of connections to the real server. Since the virtual server uses First Alive load balancing you may want to limit the number of connections to each real server to limit the traffic received by each server. In this example, the Maximum Connections is initially set to 0 but can be adjusted later if the real servers are getting too much traffic.

Configuration for the third real server.


Virtual Server	HTTP_weghted_LB
IP Address	10.10.10.3
Port	Cannot be configured because the virtual server is an IP server.
Weight	3
Maximum Connections	0 Setting Maximum Connections to 0 means the FortiGate unit does not limit the number of connections to the real server. Since the virtual server uses First Alive load balancing you may want to limit the number of connections to each real server to limit the traffic received by each server. In this example, the Maximum Connections is initially set to 0 but can be adjusted later if the real servers are getting too much traffic.

To add the virtual server to a security policy

Add a prot2 to port1 security policy that uses the virtual server so that when users on the Internet attempt to connect to the web server’s IP address, packets pass through the FortiGate unit from the wan1 interface to the dmz1 interface. The virtual IP translates the destination address of these packets from the virtual server IP address to the real server IP addresses.

1. Go to Policy > Policy > Policy.

2. Select Create New.

3. Configure the security policy:


Policy Type	Firewall
Policy Subtype	Address
Incoming Interface	port2
Source Address	all (or a more specific address)
Outgoing Interface	port1
Destination Address	HTTP_weghted_LB
Schedule	always
Service	ALL
Action	ACCEPT
Enable NAT	Select this option and select Use Destination Interface Address.

4. Select other security policy options as required.

5. Select OK.