Fortinet 150 FortiWeb 5.0 Patch 6 Administration Guide
3. Modify the server policy (Policy > Server Policy > Server Policy).
•In HTTPS Service, select the predefined HTTPS service.
•In Physical Server Port, if your web server does not listen on the standard port 443, type
its port number for incoming HTTPS traffic.
•In Certificate, select your web server’s certificate. Also select, if applicable, Certificate
Verification and Certificate Intermediate Group.
•Enable SSL Server.
Traffic should now pass through the FortiWeb appliance to your server. If it does not, see
“Troubleshooting” on page 630.
Example 3: Configuring a policy for load balancingIf you want protect multiple web servers, configuration is similar to Example 1: Configuring a
policy for HTTP via auto-learning.
To distribute load among multiple servers, however, instead of specifying a single physical
server in the policy, you must specify a group of servers (server farm).
To configure a load-balancing policy
1. Define additional web servers by either their IP address (Server Objects > Server >
Physical Server) or domain name (Server Objects > Server > Domain Server).
2. Group the web servers into a server farm (Server Objects > Server > Server Farm). When
used by a policy, it tells the FortiWeb appliance how to distribute incoming web connections
to those destination IP addresses. On the Server Farm dialog:
•From Type , select Server Balance.
• Add your physical and/or domain servers (Physical Server or Domain Server).
• If you want to distribute connections proportionately to a server’s capabilities instead of
evenly, in each Weight, give the numerical weight of the new server when using the
weighted round-robin load-balancing algorithm.
3. Configure a policy and profiles according to “Example 1: Configuring a policy for HTTP via
auto-learning” on page 148, except for auto-learning, which you will postpone until these
steps are complete.
4. Modify the server policy:
•From Deployment Mode, select Server Balance.
•From Load Balancing Algorithm, select Round Robin or Weighted Round Robin.
Traffic should now pass through the FortiWeb appliance and be distributed among your
servers. If it does not, see “Troubleshooting” on page 630.
This example assumes a basic network topology. If there is another, external proxy or load
balancer between clients and your FortiWeb, you may need to define it (see “Defining your web
servers & load balancers” on page 248).
Similarly, if there is a proxy or load balancer between FortiWeb and your web servers, you may
need to configure your FortiWebserver policy’s Deployment Mode option as if requests were
destined for a single web server (the proxy or load balancer), not load balanced by FortiWeb
amongst multiple servers.