Chapter 12 Load Balancing : Configuring load balancing : Load balancing overview : Configuring load balancing virtual servers from the web‑based manager
  
Configuring load balancing virtual servers from the web‑based manager
A virtual server is a specialized firewall virtual IP that performs server load balancing. From the web‑based manager you add load balancing virtual server by going to Policy & Objects > Load Balance > Virtual Servers.
Name
Enter the name for the virtual server.
Type
Select the protocol to be load balanced by the virtual server. If you select a general protocol such as IP, TCP, or UDP the virtual server load balances all IP, TCP, or UDP sessions. If you select specific protocols such as HTTP, HTTPS, or SSL you can apply additional server load balancing features such as Persistence and HTTP Multiplexing.
Select HTTP to load balance only HTTP sessions with destination port number that matches the Virtual Server Port setting. Change Virtual Server Port to match the destination port of the sessions to be load balanced (usually port 80 for HTTP sessions). You can also select HTTP Multiplex. You can also set Persistence to HTTP Cookie to select cookie-based persistence.
Select HTTPS to load balance only HTTPS sessions with destination port number that matches the Virtual Server Port setting. Change Virtual Server Port to match the destination port of the sessions to be load balanced (usually port 443 for HTTPS sessions). You can also select Multiplex HTTP requests/responses. You can also set Persistence to HTTP Cookie to select cookie-based persistence. You can also set Persistence to SSL Session ID.
Select IMAPS to load balance only IMAPS sessions with destination port number that matches the Virtual Server Port setting. Change Virtual Server Port to match the destination port of the sessions to be load balanced (usually port 993 for IMAPS sessions). You can also set Persistence to SSL Session ID.
Select POP3S to load balance only POP3S sessions with destination port number that matches the Virtual Server Port setting. Change Virtual Server Port to match the destination port of the sessions to be load balanced (usually port 995 for POP3S sessions). You can also set Persistence to SSL Session ID.
Select SMTPS to load balance only SMTPS sessions with destination port number that matches the Virtual Server Port setting. Change Virtual Server Port to match the destination port of the sessions to be load balanced (usually port 465 for SMTPS sessions). You can also set Persistence to SSL Session ID.
Select SSL to load balance only SSL sessions with destination port number that matches the Virtual Server Port setting. Change Virtual Server Port to match the destination port of the sessions to be load balanced.
Select TCP to load balance only TCP sessions with destination port number that matches the Virtual Server Port setting. Change Virtual Server Port to match the destination port of the sessions to be load balanced.
Select UDP to load balance only UDP sessions with destination port number that matches the Virtual Server Port setting. Change Virtual Server Port to match the destination port of the sessions to be load balanced.
Select IP to load balance all sessions accepted by the security policy that contains this virtual server.
Interface
Select the virtual server external interface from the list. The external interface is connected to the source network and receives the packets to be forwarded to the destination network.
Virtual Server IP
The IP address of the virtual server. This is an IP address on the external interface that you want to map to an address on the destination network.
Virtual Server Port
Enter the external port number that you want to map to a port number on the destination network. Sessions with this destination port are load balanced by this virtual server.
Load Balance Method
Select the load balancing method used by the virtual server. See “Load balancing methods”.
Persistence
Configure persistence to make sure that a user is connected to the same server every time they make a request that is part of the same session. Session persistence is supported for HTTP and SSL sessions. See “Session persistence”. For HTTP and HTTPS sessions, see “HTTP and HTTPS persistence”.
HTTP Multiplexing
Select to use the FortiGate unit to multiplex multiple client connections into a few connections between the FortiGate unit and the real server. See “HTTP and HTTPS multiplexing”.
Preserve Client IP
Select to preserve the IP address of the client in the X-Forwarded-For HTTP header. This can be useful if you want log messages on the real servers to the client’s original IP address. If this option is not selected, the header will contain the IP address of the FortiGate unit.
This option appears only if HTTP or HTTS are selected for Type, and is available only if HTTP Multiplexing is selected.
SSL Offloading
Select to accelerate clients’ SSL connections to the server by using the Fortinet FortiGate unit to perform SSL operations, then select which segments of the connection will receive SSL offloading. See “SSL offloading”
Certificate
Select the certificate to use with SSL Offloading. The certificate key size must be 1024 or 2048 bits. 4096-bit keys are not supported.
This option appears only if HTTPS or SSL are selected for Type, and is available only if SSL Offloading is selected.
Health Check
Select which health check monitor configuration will be used to determine a server’s connectivity status. See “Health check monitoring”.