Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config global-load-balance servers

Use this command to configure global load balance servers.

In the context of the global server load balance configuration, servers are the local SLB (FortiADC instances or third-party servers) that are to be load balanced. For FortiADC instances, the GLB checks status and synchronizes configuration from the local SLB so that it can learn the set of virtual servers that are possible to include in the GLB virtual server pool.

Figure 1 illustrates configuration discovery. You use the execute discovery-glb-virtual-server command to populate the virtual-server-list configuration. Placement in this list does not include them in the pool. You also must name them explicitly in the virtual server pool configuration.

Figure 1:   Virtual server discovery

Before you begin:

  • You must have created the data center configuration objects that are associated with the local SLB.
  • You must have created virtual server configurations on the local FortiADC SLB so that you can use execute discovery-glb-virtual-server command to discover them.
  • You must have read-write permission for global load balancing settings.

After you have created a server configuration object, you can specify it the global load balancing virtual server pool configuration.

Syntax

config global-load-balance servers

edit <name>

set address-type {ipv4|ipv6}

set auth-key <string>

set auth-type <non/TCP_MD5SIG/auth_verify>

set auto-sync <enable/disable>

set data-center <datasource>

set ip <class_ip>

set port <integer>

set server-type {FortiADC-SLB|Generic-Host}

set sync-status {enable|disable}

set health-check-ctrl {enable|disable}

set health-check-list <datasource> <datasource> ...

set health-check-relation {AND|OR}

config virtual-server-list

edit <name>

set address-type {ipv4|ipv6}

set ip <class-ip>

set gateway <string>

set health-check-inherit {enable|disable}

set health-check-ctrl {enable|disable}

set health-check-list <datasource> <datasource> ...

set health-check-relation {AND|OR}

next

end

next

end

address-type

IPv4 or IPv6.

auth-key

Password of the remote server.

auth-type

Remote server authentication type.

auto-sync

Automatic synchronization with the remote server, ennable or disable; enabled, the virtual-server-list will synchronize automatically.

data-center

Specify a data center configuration object. The data center configuration object properties are used to establish the proximity of the servers and the client requests.

ip

Specify the IP address for the FortiADC management interface.

server-type

FortiADC-SLB: A FortiADC instance.

Generic-Host: A third party ADC or server.

sync-status

Enable/disable synchronization of the virtual server status from the local FortiADC SLB. Disabled by default. If enabled, synchronization occurs whenever there is a change in virtual server status.

health-check-ctrl

If type is Generic Host, enable/disable health checks for the virtual server list. The health check settings at this configuration level are the parent configuration. When you configure the list, you can specify whether to inherit or override the parent configuration.

If type is FortiADC-SLB, this option is not available. Health checking is built-in, and you can optionally configure a gateway health check.

health-check-list

Specify one or more health check configuration objects.

health-check-relation

  • AND—All of the specified health checks must pass for the server to be considered available.
  • OR—One of the specified health checks must pass for the server to be considered available.

config virtual-server-list

When servers are FortiADC servers, use execute discovery-glb-virtual-server to populate the basic virtual-server-list configuration. After it has been populated, you can add a gateway health check. (optional).

<name>

Must match the virtual server configuration name on the local FortiADC.

address-type

IPv4 or IPv6.

ip

Virtual server IP address.

gateway

Used when server type is FortiADC.

Specify a gateway to enable an additional health check: is the gateway beyond the FortiADC reachable? Specify a string that matches the configuration name of a link load balancing gateway.

health-check-inherit

If type is Generic Host, enable to inherit the health check settings from the parent configuration. Disable to specify health check settings in this member configuration.

health-check-ctrl

Enable health checking for the virtual server.

health-check-list

Specify one or more health check configuration objects.

health-check-relation

  • AND—All of the selected health checks must pass for the server to the considered available.
  • OR—One of the selected health checks must pass for the server to be considered available.

Example

FortiADC-VM # config global-load-balance servers

 

FortiADC-VM (servers) # edit FortiADC-2

 

FortiADC-VM (FortiADC-2) # set sync-status enable

FortiADC-VM (FortiADC-2) # auth-type TCP_MDFSIG

FortiADC-VM (FortiADC-2) # set auth-key ENC QVhOH9Wvq6q4BP2sqQMNJ6FDWWYcZA6THCj/sHFGHtAb6qO5nqy1SJ9PpEpc+yk/j8XWfXeORT8DsF8KDBhDL9K5Ms9sXs1y8gUQbtFnCIHKwIpf

FortiADC-VM (FortiADC-2) # set data-center United_States

FortiADC-VM (FortiADC-2) # set auto-sync enable

FortiADC-VM (FortiADC-2) # set ip 172.30.144.100

FortiADC-VM (FortiADC-2) # set server-type FortiADC-SLB

 

FortiADC-VM (FortiADC-2) # show

config global-load-balance servers

edit "FortiADC-2"

set ip 172.30.144.100

set data-center United_States

config virtual-server-list

end

next

end

 

FortiADC-VM (FortiADC-2) # end

 

FortiADC-VM # execute discovery-glb-virtual-server server FortiADC-2

 

FortiADC-VM # show global-load-balance servers FortiADC-2

config global-load-balance servers

edit "FortiADC-2"

set ip 172.30.144.100

set data-center United_States

config virtual-server-list

edit "mail_example_com"

set ip 192.0.2.2

set port 80

next

edit "www_example_com"

set ip 192.0.2.1

set port 811

next

end

next

end

 

FortiADC-VM # config global-load-balance servers

 

FortiADC-VM (servers) # edit FortiADC-2

 

FortiADC-VM (FortiADC-2) # config virtual-server-list

 

FortiADC-VM (virtual-server~l) # show

config virtual-server-list

edit "mail_example_com"

set ip 192.0.2.2

set port 80

next

edit "www_example_com"

set ip 192.0.2.1

set port 811

next

end

 

FortiADC-VM (virtual-server~l) # edit www_example_com

FortiADC-VM (www_example_com) # set gateway US-ISP1

FortiADC-VM (www_example_com) # end

 

FortiADC-VM (FortiADC-2) # end

config global-load-balance servers

Use this command to configure global load balance servers.

In the context of the global server load balance configuration, servers are the local SLB (FortiADC instances or third-party servers) that are to be load balanced. For FortiADC instances, the GLB checks status and synchronizes configuration from the local SLB so that it can learn the set of virtual servers that are possible to include in the GLB virtual server pool.

Figure 1 illustrates configuration discovery. You use the execute discovery-glb-virtual-server command to populate the virtual-server-list configuration. Placement in this list does not include them in the pool. You also must name them explicitly in the virtual server pool configuration.

Figure 1:   Virtual server discovery

Before you begin:

  • You must have created the data center configuration objects that are associated with the local SLB.
  • You must have created virtual server configurations on the local FortiADC SLB so that you can use execute discovery-glb-virtual-server command to discover them.
  • You must have read-write permission for global load balancing settings.

After you have created a server configuration object, you can specify it the global load balancing virtual server pool configuration.

Syntax

config global-load-balance servers

edit <name>

set address-type {ipv4|ipv6}

set auth-key <string>

set auth-type <non/TCP_MD5SIG/auth_verify>

set auto-sync <enable/disable>

set data-center <datasource>

set ip <class_ip>

set port <integer>

set server-type {FortiADC-SLB|Generic-Host}

set sync-status {enable|disable}

set health-check-ctrl {enable|disable}

set health-check-list <datasource> <datasource> ...

set health-check-relation {AND|OR}

config virtual-server-list

edit <name>

set address-type {ipv4|ipv6}

set ip <class-ip>

set gateway <string>

set health-check-inherit {enable|disable}

set health-check-ctrl {enable|disable}

set health-check-list <datasource> <datasource> ...

set health-check-relation {AND|OR}

next

end

next

end

address-type

IPv4 or IPv6.

auth-key

Password of the remote server.

auth-type

Remote server authentication type.

auto-sync

Automatic synchronization with the remote server, ennable or disable; enabled, the virtual-server-list will synchronize automatically.

data-center

Specify a data center configuration object. The data center configuration object properties are used to establish the proximity of the servers and the client requests.

ip

Specify the IP address for the FortiADC management interface.

server-type

FortiADC-SLB: A FortiADC instance.

Generic-Host: A third party ADC or server.

sync-status

Enable/disable synchronization of the virtual server status from the local FortiADC SLB. Disabled by default. If enabled, synchronization occurs whenever there is a change in virtual server status.

health-check-ctrl

If type is Generic Host, enable/disable health checks for the virtual server list. The health check settings at this configuration level are the parent configuration. When you configure the list, you can specify whether to inherit or override the parent configuration.

If type is FortiADC-SLB, this option is not available. Health checking is built-in, and you can optionally configure a gateway health check.

health-check-list

Specify one or more health check configuration objects.

health-check-relation

  • AND—All of the specified health checks must pass for the server to be considered available.
  • OR—One of the specified health checks must pass for the server to be considered available.

config virtual-server-list

When servers are FortiADC servers, use execute discovery-glb-virtual-server to populate the basic virtual-server-list configuration. After it has been populated, you can add a gateway health check. (optional).

<name>

Must match the virtual server configuration name on the local FortiADC.

address-type

IPv4 or IPv6.

ip

Virtual server IP address.

gateway

Used when server type is FortiADC.

Specify a gateway to enable an additional health check: is the gateway beyond the FortiADC reachable? Specify a string that matches the configuration name of a link load balancing gateway.

health-check-inherit

If type is Generic Host, enable to inherit the health check settings from the parent configuration. Disable to specify health check settings in this member configuration.

health-check-ctrl

Enable health checking for the virtual server.

health-check-list

Specify one or more health check configuration objects.

health-check-relation

  • AND—All of the selected health checks must pass for the server to the considered available.
  • OR—One of the selected health checks must pass for the server to be considered available.

Example

FortiADC-VM # config global-load-balance servers

 

FortiADC-VM (servers) # edit FortiADC-2

 

FortiADC-VM (FortiADC-2) # set sync-status enable

FortiADC-VM (FortiADC-2) # auth-type TCP_MDFSIG

FortiADC-VM (FortiADC-2) # set auth-key ENC QVhOH9Wvq6q4BP2sqQMNJ6FDWWYcZA6THCj/sHFGHtAb6qO5nqy1SJ9PpEpc+yk/j8XWfXeORT8DsF8KDBhDL9K5Ms9sXs1y8gUQbtFnCIHKwIpf

FortiADC-VM (FortiADC-2) # set data-center United_States

FortiADC-VM (FortiADC-2) # set auto-sync enable

FortiADC-VM (FortiADC-2) # set ip 172.30.144.100

FortiADC-VM (FortiADC-2) # set server-type FortiADC-SLB

 

FortiADC-VM (FortiADC-2) # show

config global-load-balance servers

edit "FortiADC-2"

set ip 172.30.144.100

set data-center United_States

config virtual-server-list

end

next

end

 

FortiADC-VM (FortiADC-2) # end

 

FortiADC-VM # execute discovery-glb-virtual-server server FortiADC-2

 

FortiADC-VM # show global-load-balance servers FortiADC-2

config global-load-balance servers

edit "FortiADC-2"

set ip 172.30.144.100

set data-center United_States

config virtual-server-list

edit "mail_example_com"

set ip 192.0.2.2

set port 80

next

edit "www_example_com"

set ip 192.0.2.1

set port 811

next

end

next

end

 

FortiADC-VM # config global-load-balance servers

 

FortiADC-VM (servers) # edit FortiADC-2

 

FortiADC-VM (FortiADC-2) # config virtual-server-list

 

FortiADC-VM (virtual-server~l) # show

config virtual-server-list

edit "mail_example_com"

set ip 192.0.2.2

set port 80

next

edit "www_example_com"

set ip 192.0.2.1

set port 811

next

end

 

FortiADC-VM (virtual-server~l) # edit www_example_com

FortiADC-VM (www_example_com) # set gateway US-ISP1

FortiADC-VM (www_example_com) # end

 

FortiADC-VM (FortiADC-2) # end