FortiADC

Layer 2 ADC

Features

  • IPv4 only

  • Balances traffic among multiple next hop gateways

  • HTTP content inspection and modification, as in Layer 7 load balancing

  • Useful when the ADC doesn't know the real server IP addresses


Layer 4 Virtual Servers

Features

  • IPv4 and IPv6

  • Fast inspection (processed on the first packet)

  • Persistence (based on L4 objects like IP addresses)

  • Load Balancing (based on L4 objects like IP addresses)

  • NAT (based on L4 objects like IP addresses)

Destination NAT is the default method of forwarding the traffic

Layer 4 ADC simply forwards the traffic to the real server and doesn't terminate the TCP handshake!

Layer 7 Virtual Servers

Features

  • IPv4 and IPv6

  • Slower inspection than Layer 4

  • HTTP content inspection and modification

  • Persistence

  • Load balancing

  • Routing based on L7 objects (headers, cookies, etc.)


Layer 2 and Layer 7 ADC proxy the TCP connection!

Virtual Server objects


  • Virtual Server (Mandatory)

  • Real Server Pool (Mandatory)

  • Real Servers (Mandatory)

  • Health Check (Optional)

  • Load Balancing Method (Mandatory)

  • Application Profile (Mandatory)

    • HTTP caching (Optional)

    • HTTP compression (Optional)

  • Server Persistence (Optional)

  • Content Routing (Optional)

  • HTTP content rewrite (Optional)

  • HTTP error page (Optional)

Health Check Methods

ICMP / TCP echo

  • Sends an ICMP / TCP echo request and waits for a response

HTTP/S

  • Queries the server by sending either a GET or a HEAD request

  • Response content can be evaluated

TCP

  • Confirms that the TCP 3-way handshake can be completed to a specific TCP port

DNS

  • Sends a DNS A record request and expects a specific IP address as a response

RADIUS / RADIUS Accounting / SMTP / POP3 / IMAP4

  • Logs in to the server using a specified protocol

FTP

  • Checks for a specific file on the FTP server

SNMP

  • Polls the server for CPU, memory and disk usage. The server is deemed unresponsive if it does not reply, or if any of those usage values goes above a preconfigured threshold.

TCP Half Open

  • Sends a SYN and waits for a SYN/ACK. When it is received, an RST is sent

TCP SSL

  • Establishes SSL connection. The result of the SSL connection determines the status of the server

  • Can be used for any SSL-based protocol
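The difference between the TCP and HTTP checks above, as an added example that is not FortiADC code: a constructed local backend keeps its port open while the application answers 500, so a handshake-only check reports it up and a content-evaluating check reports it down. The handler, the function names and the expected string "OK" are assumptions made for this illustration.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class DegradedApp(BaseHTTPRequestHandler):
    """Constructed backend: the port is open but the application is failing."""
    def do_GET(self):
        self.send_error(500, "database unavailable")

    def log_message(self, *args):  # keep the demo quiet
        pass


def tcp_check(host, port, timeout=2.0):
    """TCP check: healthy if the 3-way handshake to the port completes."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:
        return False


def http_check(host, port, path="/", expect=b"OK", timeout=2.0):
    """HTTP check: send a GET, then evaluate status and response content."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status == 200 and expect in resp.read()
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()


def run_demo():
    # Port 0 lets the OS pick a free loopback port, so this runs offline.
    with HTTPServer(("127.0.0.1", 0), DegradedApp) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        host, port = server.server_address
        result = {"tcp": tcp_check(host, port), "http": http_check(host, port)}
        server.shutdown()
    return result


if __name__ == "__main__":
    print(run_demo())
```

A pool that relies only on the TCP check would keep sending traffic to this server.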

Application Profiles

TCP, UDP and FTP profiles

  • Need to have a session timeout value

HTTP profile

  • (Client address) By default, FortiADC uses the client IP to set up the connection with the backend server

  • (Client address) If X-Forwarded-For is enabled, FortiADC uses it to set up the connection with the backend server

  • Disabling this causes FortiADC to use its own address (source NAT)

HTTP Turbo

  • Can't use advanced features such as source NAT, caching, compression, rate limiting or content rewrite.



Load Balancing Methods

Error Page

  • Can only be used with layer 7 virtual servers

  • Web page needs to be uploaded as an html.index with a zip file

Global Server Load Balancing GSLB
