Name | HTTP_health_chk_1 |
Type | HTTP |
Port | 80 |
URL | /index.html |
Matched Content | Fortinet products |
Interval | 10 seconds |
Timeout | 2 seconds |
Retry | 3 |
Name | Load_Bal_VS1 |
Type | HTTP |
Interface | wan1 |
Virtual Server IP | 192.168.37.4 The public IP address of the web server. The virtual server IP address is usually a static IP address obtained from your ISP for your web server. This address must be a unique IP address that is not used by another host and cannot be the same as the IP address of the external interface the virtual IP will be using. However, the external IP address must be routed to the selected interface. The virtual IP address and the external IP address can be on different subnets. When you add the virtual IP, the external interface responds to ARP requests for the external IP address. |
Virtual Server Port | 80 |
Load Balance Method | First Alive |
Persistence | HTTP cookie |
HTTP Multiplexing | Select. The FortiGate unit multiplexes multiple client into a few connections between the FortiGate unit and each real HTTP server. This can improve performance by reducing server overhead associated with establishing multiple connections. |
Preserve Client IP | Select The FortiGate unit preserves the IP address of the client in the X-Forwarded-For HTTP header. |
Health Check | Move the HTTP_health_chk_1 health check monitor to the Selected list. |
Virtual Server | Load_Bal_VS1 |
IP Address | 10.10.10.42 |
Port | 80 |
Weight | Cannot be configured because the virtual server does not include weighted load balancing. |
Maximum Connections | 0 Setting Maximum Connections to 0 means the FortiGate unit does not limit the number of connections to the real server. Since the virtual server uses First Alive load balancing you may want to limit the number of connections to each real server to limit the traffic received by each server. In this example, the Maximum Connections is initially set to 0 but can be adjusted later if the real servers are getting too much traffic. |
Virtual Server | Load_Bal_VS1 |
IP Address | 10.10.10.43 |
Port | 80 |
Weight | Cannot be configured because the virtual server does not include weighted load balancing. |
Maximum Connections | 0 Setting Maximum Connections to 0 means the FortiGate unit does not limit the number of connections to the real server. Since the virtual server uses First Alive load balancing you may want to limit the number of connections to each real server to limit the traffic received by each server. In this example, the Maximum Connections is initially set to 0 but can be adjusted later if the real servers are getting too much traffic. |
Virtual Server | Load_Bal_VS1 |
IP Address | 10.10.10.44 |
Port | 80 |
Weight | Cannot be configured because the virtual server does not include weighted load balancing. |
Maximum Connections | 0 Setting Maximum Connections to 0 means the FortiGate unit does not limit the number of connections to the real server. Since the virtual server uses First Alive load balancing you may want to limit the number of connections to each real server to limit the traffic received by each server. In this example, the Maximum Connections is initially set to 0 but can be adjusted later if the real servers are getting too much traffic. |
Policy Type | Firewall |
Policy Subtype | Address |
Incoming Interface | wan1 |
Source Address | all (or a more specific address) |
Outgoing Interface | dmz1 |
Destination Address | Load_Bal_VS1 |
Schedule | always |
Service | HTTP |
Action | ACCEPT |
Log Allowed Traffic | Select to log virtual server traffic |
Enable NAT | Select this option and select Use Destination Interface Address. |