Solved

Load Balancing using Fortigate device

Posted on 2008-06-13
2
9,388 Views
Last Modified: 2013-11-16
I've installed a Fortigate 300A firewall device. Is it possible to use this device as a load balancer for my 2 internet lines ? something like what GLBP does.

Thanks
0
Comment
Question by:Farrahi
2 Comments
 
LVL 15

Accepted Solution

by:
JimboEfx earned 500 total points
ID: 21966996
It is indeed possible to use the Fortigate for WAN failover/load balancing. The fortigate can either use the links in active/passive fashion outbound, but active/active inbound or (to a degree active/actvie outbound and inbound. This assumes the fortigate is the outgoing router to the internet and that the WAN connections are connected to seperate interfaces (e.g. WAN1 and WAN2).

There are a number of articles on the subject, but i will list just these two:

http://kc.forticare.com/default.asp?id=376&Lang=1&SID=
http://kc.forticare.com/default.asp?id=1583&SID=&Lang=1

There are also some documentation on the unit:

http://docs.forticare.com/fgt/techdocs/FortiGate_Administration_Guide_01-30006-0203-20080313.pdf

I have no personal experience of GLBP to give you a direct comparison.

You should note that the mechanism used in a single unit for WAN failer is based purely on the ability to ping a target (or multiple targets). When the target (or targets) are unavailable for a defined period of time the interface is marked as down and the routing table adjusted (until it gets replies again).

Having more than one unit in a cluster gives you some more options to survive a unit failure, or even for example someone unplugging WAN1 on one unit - as the unit would fail over to another node which said its WAN1 was OK.

So the simple answer is yes, the longer answer is it depends on what your expectations are.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question