Recommended configuration for traffic that cannot be load balanced
Getting started with FortiGate-7000
        set forward-slot master
        set priority 5
        set comment "ike"
    next
    edit 2
        set status disable
        set vlan 0
        set ether-type ip
        set protocol udp
        set src-l4port 4500-4500
        set dst-l4port 0-0
        set action forward
        set forward-slot master
        set priority 5
        set comment "ike-natt src"
    next
    edit 3
        set status disable
        set vlan 0
        set ether-type ip
        set protocol udp
        set src-l4port 0-0
        set dst-l4port 4500-4500
        set action forward
        set forward-slot master
        set priority 5
        set comment "ike-natt dst"
    next
Recommended configuration for traffic that cannot be load balanced
The following flow rules are recommended to handle common forms of traffic that cannot be load balanced.
These flow rules send GPRS (port 2123), SSL VPN, IPv4 and IPv6 IPsec VPN, ICMP and ICMPv6 traffic to the
primary (or master) FPM.
The CLI syntax below just shows the configuration changes. All other options are set to their defaults. For
example, the flow rule option that controls the FPM slot that sessions are sent to is forward-slot, and in all
cases below forward-slot is set to its default setting of master. This setting sends matching sessions to the
primary (or master) FPM.
config load-balance flow-rule
    edit 20
        set status enable
        set ether-type ipv4
        set protocol udp
        set dst-l4port 2123-2123
    next
    edit 21
        set status enable
        set ether-type ip
        set protocol tcp
        set dst-l4port 10443-10443
        set comment "ssl vpn to the primary FPM"
    next
    edit 22
FortiGate-7000
Fortinet Technologies Inc.
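Added example, not part of the Fortinet documentation: a Python audit of a saved flow-rule block such as the disabled ike-natt entries and the recommended rules above, reporting whether a given protocol and destination port is matched by an enabled rule that forwards to the primary FPM. The function names and the sample text are assumptions made for illustration; the only default applied is the forward-slot default of master stated on this page.

```python
import shlex

# Stated on the page: forward-slot defaults to master.
DEFAULTS = {"forward-slot": "master"}

# Constructed sample, abridged from this page; rule 22 is cut off before "next".
SAMPLE = '''
config load-balance flow-rule
    edit 3
        set status disable
        set protocol udp
        set dst-l4port 4500-4500
    next
    edit 20
        set status enable
        set protocol udp
        set dst-l4port 2123-2123
    next
    edit 21
        set status enable
        set protocol tcp
        set dst-l4port 10443-10443
        set comment "ssl vpn to the primary FPM"
    next
    edit 22
'''

def parse_flow_rules(text):
    """Map rule id -> options; an entry with no closing 'next' stays incomplete."""
    rules, current = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)  # keeps quoted comments as one value
        if tok[:1] == ["edit"] and len(tok) == 2:
            current = rules[int(tok[1])] = dict(DEFAULTS, complete=False)
        elif tok[:1] == ["set"] and len(tok) >= 3 and current is not None:
            current[tok[1]] = " ".join(tok[2:])
        elif tok[:1] == ["next"] and current is not None:
            current["complete"] = True
            current = None
    return rules

def coverage(rules, protocol, port):
    """Is (protocol, dst port) matched by a complete rule that forwards to master?"""
    hits = [r for r in rules.values() if r["complete"]
            and r.get("protocol") == protocol and r["forward-slot"] == "master"
            and r.get("dst-l4port") == f"{port}-{port}"]
    if not hits:
        return "missing"
    # Only an explicit "enable" counts; the page does not state the default status.
    return "enabled" if any(r.get("status") == "enable" for r in hits) else "not enabled"
```

Running coverage() over the ports a deployment depends on (for example UDP 4500 where IPsec NAT-T is in use) shows which of them have a matching rule that is present but not enabled.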