Solved

Load Balancing using Fortigate device

Posted on 2008-06-13
2
9,407 Views
Last Modified: 2013-11-16
I've installed a Fortigate 300A firewall device. Is it possible to use this device as a load balancer for my 2 internet lines ? something like what GLBP does.

Thanks
0
Comment
Question by:Farrahi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 15

Accepted Solution

by:
JimboEfx earned 500 total points
ID: 21966996
It is indeed possible to use the Fortigate for WAN failover/load balancing. The fortigate can either use the links in active/passive fashion outbound, but active/active inbound or (to a degree active/actvie outbound and inbound. This assumes the fortigate is the outgoing router to the internet and that the WAN connections are connected to seperate interfaces (e.g. WAN1 and WAN2).

There are a number of articles on the subject, but i will list just these two:

http://kc.forticare.com/default.asp?id=376&Lang=1&SID=
http://kc.forticare.com/default.asp?id=1583&SID=&Lang=1

There are also some documentation on the unit:

http://docs.forticare.com/fgt/techdocs/FortiGate_Administration_Guide_01-30006-0203-20080313.pdf

I have no personal experience of GLBP to give you a direct comparison.

You should note that the mechanism used in a single unit for WAN failer is based purely on the ability to ping a target (or multiple targets). When the target (or targets) are unavailable for a defined period of time the interface is marked as down and the routing table adjusted (until it gets replies again).

Having more than one unit in a cluster gives you some more options to survive a unit failure, or even for example someone unplugging WAN1 on one unit - as the unit would fail over to another node which said its WAN1 was OK.

So the simple answer is yes, the longer answer is it depends on what your expectations are.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question