Fabric connectors

A connector in FortiGSLB is linked to a physical device at the data center that houses virtual servers. The cloud fetches the running information of all the virtual servers from that device.

You can either create a connector manually in the FortiGSLB Cloud GUI, or enable a One-Click DNS service on a FortiADC/FortiGate/FortiWeb appliance, which will automatically create the connector and GSLB service.

Create Connector manually

  1. Go to Fabric Connectors and click Create Connector.
  2. Create a connector according to the following configuration.
    Settings | Guidelines

    Name

    The name of the connector.

    Note: After you initially save the configuration, you can still edit the name later.

    Type

    FortiGSLB can support three types of connectors:

    1. FortiGate

    The FortiGate Connector is for a FortiGate device. The administrator can edit the FortiGate management IP address or FQDN, port, API version, sync control and authentication for the connector. Once the FortiGate Connector is configured, FortiGSLB periodically syncs the Virtual Server and SD-WAN configuration and running information from the FortiGate host through RestAPI and updates automatically. The administrator can specify the SD-WAN member name with the virtual server. The administrator can also create the virtual server manually or specify the health check for the virtual server.

    2. FortiADC

    A FortiADC instance that has enabled FortiGSLB.

    The FortiADC type connector is the FortiADC device that runs the FortiGSLB service. The device actively connects to the cloud. The connector object is then generated automatically, and the administrator defines the Virtual Servers' domains and hosts at the connector side in just one step. FortiADC periodically sends the Virtual Servers' domains, hosts and running information to the cloud, while the cloud performs global server load balancing automatically. The administrator can also create the virtual server manually or specify the health check for the virtual server.

    3. Generic-Host

    A third party FortiADC connector.

    The Generic-Host type connector is a third-party host system that cannot communicate with the cloud directly. The administrator can add the host IP address on this server and can also specify the health check for the host. The cloud will detect the remote host automatically; the administrator can then configure the pool and the GSLB service.

    4. FortiWeb

    A FortiWeb instance that has enabled one-click GSLB service.

    The FortiWeb type connector is the FortiWeb device that enables the FortiGSLB service as a fabric connector. Once the device connects to the FortiGSLB cloud, it publishes the policies with hosts and domains to FortiGSLB, and FortiGSLB creates the connector object and GSLB service automatically.

    Data center

    Select a data center configuration object. The data center indicates the physical geography location of the connector.

    Address type

    IPv4 or FQDN

    Address IPv4

    FortiGate management IPv4 address

    Address

    FQDN address

    Port

    FortiGate administrative access port for HTTPS. Default: 443, Range: 1-65535

    API version

    The RESTful API version that FortiGSLB can use when accessing FortiGate. Currently only v2 is supported.

    Sync control

    You can choose to sync SD-WAN and/or Virtual Server configuration and running information from FortiGate. Default: SD-WAN.

    Note: The names of the synced SD-WAN and Virtual Server objects use the VDOM name as a prefix, such as root-xxxx.

    Auth type

    The authentication method that FortiGSLB can use when accessing FortiGate.

    Currently, Auth-Verify and Token authentication are supported. When Auth-Verify is chosen, the user needs to provide a username and password; when Token is chosen, the user needs to provide the RestAPI key generated on FortiGate.

  3. After the FortiGate Connector is created, the Virtual Servers and SD-WAN member should be synced to FortiGSLB Cloud within a couple of minutes.

Notes & limitations:

  • FortiGate Connector supports FortiGate hosts that run FortiOS version 6.2.5 or higher, due to the supported RestAPIs on FortiGate.
  • FortiGate Connector supports Rest API version v2, which is the same Rest API version that the FortiGate host currently supports. If FortiGate supports additional versions in the future, FortiGate Connector will be extended to support them as well.
  • The FortiGate API token needed for FortiGate Connector token authentication can be generated on FortiGate using the CLI. Below is an example of how to configure an api-user and generate an API key:

    config system api-user
        edit "g-api-rw-user"
            set api-key ENC SH2SHFEtfJQ9OsfH/keh4kdULAp3V4ps7HkxBuDIzpR4Cmsckaa9wJ6kw28dFQ=
            set accprofile "super_admin"
            set vdom "root"
            config trusthost
                edit 1
                    set ipv4-trusthost 10.6.30.0 255.255.255.0
                next
            end
        next
    end

    execute api-user generate-key g-api-rw-user

  • If Virtual Domains (VDOMs) are enabled on the FortiGate host, the RestAPI administrator configured for FortiGate Connector access should have access to all the VDOMs.
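
The api-user stanza in the notes above determines what the token stored in the connector can do and from which addresses it is accepted, so it is worth reviewing before the key is entered in FortiGSLB. The following Python is an added example, not Fortinet code: it parses "config system api-user" text and reports stanzas against three assumed review rules (a super_admin profile, no trusthost, or a trusthost wider than 256 addresses). The function names, the threshold and the constructed sample are assumptions of this example.

```python
import ipaddress

# Constructed sample modelled on the stanza above (api-key line left out).
SAMPLE = """
config system api-user
    edit "g-api-rw-user"
        set accprofile "super_admin"
        set vdom "root"
        config trusthost
            edit 1
                set ipv4-trusthost 10.6.30.0 255.255.255.0
            next
        end
    next
end
"""

def parse_api_users(text):
    """Parse 'config system api-user' text into {name: settings}."""
    users, stack, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[7:])          # track nesting of config blocks
        elif line == "end" and stack:
            stack.pop()
        elif not stack or stack[0] != "system api-user":
            continue                        # ignore unrelated config sections
        elif line.startswith("edit ") and len(stack) == 1:
            current = users.setdefault(line[5:].strip('"'), {"trusthosts": []})
        elif line.startswith("set ") and current is not None:
            key, *vals = line[4:].split()
            vals = [v.strip('"') for v in vals]
            if key == "ipv4-trusthost" and len(vals) == 2:
                current["trusthosts"].append(ipaddress.ip_network("/".join(vals), strict=False))
            else:
                current[key] = vals         # e.g. accprofile, vdom
    return users

def audit(users, max_addresses=256):
    """Return (user, finding) pairs; the rules are this example's assumptions."""
    findings = []
    for name, u in users.items():
        if u.get("accprofile") == ["super_admin"]:
            findings.append((name, "accprofile is super_admin"))
        if not u["trusthosts"]:
            findings.append((name, "no trusthost configured"))
        for net in u["trusthosts"]:
            if net.num_addresses > max_addresses:
                findings.append((name, f"trusthost {net} exceeds {max_addresses} addresses"))
    return findings

if __name__ == "__main__":
    print(audit(parse_api_users(SAMPLE)))
```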

Create a Generic-Host type connector

  1. Go to Fabric Connectors and click Create Connector.
  2. Create a connector according to the following configuration. For Type, select Generic-Host.
    Settings | Guidelines

    Name

    The name of the connector.

    Note: After you initially save the configuration, you can still edit the name later.

    Type

    FortiGSLB can support three types of connectors. Refer to the table under Create Connector manually for details.

    For Generic-Host type, select "Generic-Host"

    Data center

    Select a data center configuration object. The data center indicates the physical geography location of the server.

  3. Input a meaningful name for the connector, and select the Data Center or create a new one. Don't forget to save. Then, configure virtual servers according to Configuring virtual servers for connectors.
Note

It is recommended to create only one Connector for each Data Center, unless you have a lot of services and IP addresses for this Data Center (which means you will have a lot of virtual servers, hundreds). In this case, you may need multiple Connectors. For easy management, it is recommended to create a Connector for each hardware device, for a set of devices that run a similar service, or for a set of devices that are for one domain.

Note: The FortiADC type connector is automatically generated and available to use in FortiGSLB once the user enables FortiGSLB service on the FortiADC device. The user does not need to manually create this type of connector.

Configuring virtual servers for connectors

In the edit connector window, click "Create Member" to create a virtual server.

To configure the virtual server, input a virtual server name and IP address. Enable the health check if needed. Each virtual server can have multiple health checks enabled, combined with a simple AND/OR relationship.

Refer to the table below for details on virtual server configuration settings.

Settings

Guidelines

Name

Virtual server name

Note: Usually, the service name or FQDN name is used for ease of identification. You may still edit it after you initially save the configuration.

Address Type

IPv4 or IPv6.

IP Address

Virtual server IP address.

Health Check Control

Enable health checking for the virtual server.

Note: you must enable this option to configure the Health Check Relationship and Health Check List fields below.

Health Check Relationship

  • AND—All of the specified health checks must pass for the virtual server to be considered available.
  • OR—One of the specified health checks must pass for the virtual server to be considered available.

Health Check List

Specify one or more health check configuration objects.

SD-WAN Link Name

Specify the SD-WAN member name for the virtual server, applicable to FortiGate type connector only.

Notes:

  • The SD-WAN member should be in the same VDOM as the virtual server if the virtual server is synced from FortiGate.
  • For a virtual server that is synced from a FortiADC or FortiGate, the synced attributes, such as name and IP address, cannot be modified in FortiGSLB.

Note

It is recommended that you reuse the same Virtual Server for different GSLB services if they share the same IP. However, it is also reasonable to have multiple Virtual Servers with the same IP, which may then use different health checks for different GSLB services.
