Firewall Load Balance Configuring real servers
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 475
http://docs.fortinet.com/ • Feedback
3 Select OK.
Configuring real servers
Configure a real server to bind it to a virtual server.
To view the real server list, go to Firewall > Load Balance > Real Server.
Figure 268: Real server list
Preserve
Client IP
Select to preserve the IP address of the client in the X-Forwarded-For HTTP
header. This can be useful if you require logging on the server of the client’s
original IP address. If this option is not selected, the header will contain the IP
address of the FortiGate unit.
This option appears only if HTTP or HTTS are selected for Type, and is available
only if HTTP Multiplexing is selected.
SSL
Offloading
Select to accelerate clients’ SSL connections to the server by using the FortiGate
unit to perform SSL operations, then select which segments of the connection
will receive SSL offloading.
• Client <-> FortiGate
Select to apply hardware accelerated SSL only to the part of the connection
between the client and the FortiGate unit. The segment between the
FortiGate unit and the server will use clear text communications. This results
in best performance, but cannot be used in failover configurations where the
failover path does not have an SSL accelerator.
• Client <-> FortiGate <-> Server
Select to apply hardware accelerated SSL to both parts of the connection: the
segment between client and the FortiGate unit, and the segment between the
FortiGate unit and the server. The segment between the FortiGate unit and
the server will use encrypted communications, but the handshakes will be
abbreviated. This results in performance which is less than the other option,
but still improved over communications without SSL acceleration, and can be
used in failover configurations where the failover path does not have an SSL
accelerator. If the server is already configured to use SSL, this also enables
SSL acceleration without requiring changes to the server’s configuration.
SSL 3.0, TLS 1.0, and TLS 1.1 are supported.
SSL Offloading appears only if HTTPS or SSL are selected for Type, and only on
FortiGate models with hardware that supports SSL acceleration.
Note: Additional SSL Offloading options are available in the CLI. For more
information, see the FortiGate CLI Reference.
Certificate Select the certificate to use with SSL Offloading. The certificate key size must be
1024 or 2048 bits. 4096-bit keys are not supported.
This option appears only if HTTPS or SSL are selected for Type, and is available
only if SSL Offloading is selected.
Health Check Select which health check monitor configuration will be used to determine a
server’s connectivity status.
For information on configuring health check monitors, see “Configuring health
check monitors” on page 476.
Comments Any comments or notes about this virtual server.
To Next Page
Loading...
Need help?
General