- Published on
How to use Fortigate Load Balancer
- Authors
- Name
- Sunway
- 1 Enable Load Balance Feature
- 2 Import a Certificate
- 3 Create a Virtual Server
- Create a http virtual server
- Create a https virtual server
- 4 Redirect http to https
- 5 Use virtual server to create firewall policy
- 6 Add DNS Record
- 7 Summary
1 Enable Load Balance Feature
2 Import a Certificate
You can import your own certificate to implement your custom https connection
3 Create a Virtual Server
Create a http virtual server
If you do not have your own certificate and do not want to use fortigate default certificate, you can set to 
http type Create a https virtual server
If you import your own certificate, your can set to 
https type and select your own certificate; otherwise, your can use fortigate default certificate to implement a https connection SSL Mode:
Client <-> FortiGate: Client(https) --> Fortigate(https) --> Server(http)Full: Client(https) --> Fortigate(https) --> Server(https)
4 Redirect http to https
Add a Firewall Policy to redirect 80 to 443 so that client can auto access to https://uat.example.com from http://uat.example.com
5 Use virtual server to create firewall policy
You must select Proxy-based mode so that you can find virtual server in policy Destination
6 Add DNS Record
Add uat.example.com and prd.example.com's type A resolution to Fortigate WAN IP.
7 Summary
Finally, you can implement an architecture like that:
In my case, the IP 10.210.0.2 is a real server in internal network, but IP 10.210.11.170 is a SLB in AlibabaCloud