Fortinet 5.0 Patch 6 Example 3: Configuring a policy for load balancing

Fortinet 150 FortiWeb 5.0 Patch 6 Administration Guide

3. Modify the server policy (Policy > Server Policy > Server Policy).

•In HTTPS Service, select the predefined HTTPS service.

•In Physical Server Port, if your web server does not listen on the standard port 443, type

its port number for incoming HTTPS traffic.

•In Certificate, select your web server’s certificate. Also select, if applicable, Certificate

Verification and Certificate Intermediate Group.

•Enable SSL Server.

Traffic should now pass through the FortiWeb appliance to your server. If it does not, see

“Troubleshooting” on page 630.

Example 3: Configuring a policy for load balancing

If you want protect multiple web servers, configuration is similar to Example 1: Configuring a

policy for HTTP via auto-learning.

To distribute load among multiple servers, however, instead of specifying a single physical

server in the policy, you must specify a group of servers (server farm).

To configure a load-balancing policy

1. Define additional web servers by either their IP address (Server Objects > Server >

Physical Server) or domain name (Server Objects > Server > Domain Server).

2. Group the web servers into a server farm (Server Objects > Server > Server Farm). When

used by a policy, it tells the FortiWeb appliance how to distribute incoming web connections

to those destination IP addresses. On the Server Farm dialog:

•From Type , select Server Balance.

• Add your physical and/or domain servers (Physical Server or Domain Server).

• If you want to distribute connections proportionately to a server’s capabilities instead of

evenly, in each Weight, give the numerical weight of the new server when using the

weighted round-robin load-balancing algorithm.

3. Configure a policy and profiles according to “Example 1: Configuring a policy for HTTP via

auto-learning” on page 148, except for auto-learning, which you will postpone until these

steps are complete.

4. Modify the server policy:

•From Deployment Mode, select Server Balance.

•From Load Balancing Algorithm, select Round Robin or Weighted Round Robin.

Traffic should now pass through the FortiWeb appliance and be distributed among your

servers. If it does not, see “Troubleshooting” on page 630.

This example assumes a basic network topology. If there is another, external proxy or load

balancer between clients and your FortiWeb, you may need to define it (see “Defining your web

servers & load balancers” on page 248).

Similarly, if there is a proxy or load balancer between FortiWeb and your web servers, you may

need to configure your FortiWebserver policy’s Deployment Mode option as if requests were

destined for a single web server (the proxy or load balancer), not load balanced by FortiWeb

amongst multiple servers.