
How To Install FortiADC in One Arm Mode

- The FortiGate acts as the default gateway for servers. Only load balancing traffic is sent to the FortiADC.
- The FortiADC acts as a reverse proxy, NATing the client source address and load balancing traffic between web servers.
- You can configure FortiADC to write the original client IP address to the X-Forwarded-For header for server logging.

Uploaded by Jaures

- FortiGate is the default gateway of the servers. Only load balancing traffic is sent to the FortiADC.
- Clients send HTTP requests to the FortiADC virtual server IP address (e.g. 10.10.10.10). FortiADC acts as a reverse proxy: it NATs the source address, opens new HTTP connections, and load balances the traffic between the web servers.
- You can configure a FortiADC profile option to write the original source IP address to the X-Forwarded-For header. You can configure logging on the real servers to record the X-Forwarded-For field.

Benefits
- No network changes needed
- Easy to test and deploy

Cautions
- Lose client IP address visibility
- Requires source pool NAT on FortiADC

Basic configuration
config system global
    set hostname FortiADC-VM
end
config system interface
    edit "port1"
        set vdom root
        set ip 192.168.1.1/24
        set allowaccess https ping ssh http
        config ha-node-ip-list
        end
    next
end
config system dns
    set primary 208.91.112.53
    set secondary 208.91.112.52
end
config system admin
    edit "admin"
        set is-system-admin yes
        set vdom root
        set access-profile super_admin_prof
    next
end
config load-balance ippool
    edit "NAT"
        set interface port1
        set ip-min 192.168.1.3
        set ip-max 192.168.1.3
        config node-member
        end
    next
end
config load-balance pool
    edit "Web_Group"
        set health-check-ctrl enable
        set health-check-list LB_HLTHCK_ICMP
        config pool_member
            edit 1
                set ip 192.168.1.100
            next
            edit 2
                set ip 192.168.1.101
            next
            edit 3
                set ip 192.168.1.102
            next
        end
    next
end
config load-balance virtual-server
    edit "Web_VIP"
        set packet-forwarding-method FullNAT
        set interface port1
        set ip 192.168.1.2
        set load-balance-profile LB_PROF_TCP
        set load-balance-method LB_METHOD_ROUND_ROBIN
        set load-balance-pool Web_Group
        set ippool NAT
        set traffic-log enable
    next
end
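
In this topology the real servers see every load-balanced connection arrive from the source pool address (192.168.1.3 in the configuration above), so server-side logs and access controls have to take the client address from X-Forwarded-For. The following Python sketch is an added example, not part of the original document or Fortinet code: it resolves the client address from access log lines and trusts the header only when the TCP peer is the FortiADC pool address. It assumes FortiADC appends the address it saw as the last entry of the header; the log layout and the sample lines are constructed.

```python
import ipaddress
import re

# Assumption: the FortiADC source pool "NAT" from the configuration above
# (ip-min and ip-max are both 192.168.1.3).
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.1.3")}

# Constructed log layout: peer address first, X-Forwarded-For as last quoted field.
LINE_RE = re.compile(r'^(?P<peer>\S+) .*"(?P<xff>[^"]*)"$')

# Constructed sample lines, as a real server behind the ADC might log them.
SAMPLE_LOG = [
    '192.168.1.3 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "203.0.113.7"',
    # Client sent its own X-Forwarded-For (10.0.0.1); the ADC appended the real peer.
    '192.168.1.3 - - [01/Jan/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 403 128 "10.0.0.1, 198.51.100.23"',
    # Request that reached the server without passing through the ADC.
    '192.168.1.50 - - [01/Jan/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "203.0.113.99"',
    # X-Forwarded-For not enabled in the FortiADC profile: header absent.
    '192.168.1.3 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-"',
]

def client_ip(peer, xff):
    """Return (address, source) for one request as seen by a real server."""
    peer_addr = ipaddress.ip_address(peer)
    if peer_addr not in TRUSTED_PROXIES:
        # Not from the ADC: the header is entirely client-controlled, ignore it.
        return str(peer_addr), "peer"
    # Walk right to left: only the entry added by the ADC is trustworthy;
    # anything further left was supplied by the client.
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # missing or malformed value, fall back to the peer address
        if addr not in TRUSTED_PROXIES:
            return str(addr), "xff"
    return str(peer_addr), "peer-fallback"

def resolve(line):
    """Parse one log line; None if it does not match the constructed layout."""
    m = LINE_RE.match(line)
    return client_ip(m["peer"], m["xff"]) if m else None

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(resolve(entry))
```

A "peer-fallback" result on traffic from 192.168.1.3 means the header was missing or unparsable, which is what the servers will log if the X-Forwarded-For option is not enabled on the FortiADC profile.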
