Configuring real servers
Firewall Load Balance
FortiGate Version 4.0 Administration Guide
392
01-400-89802-20090424
3
Select OK.
Configuring real servers
Configure a real server to bind it to a virtual server.
To view the real server list, go to
Firewall > Load Balance > Real Server
.
Figure 242: Real server list
SSL Offloading
Select to accelerate clients’ SSL connections to the server by using the
FortiGate unit to perform SSL operations, then select which segments of
the connection will receive SSL offloading.
•
Client <-> FortiGate
Select to apply hardware accelerated SSL only to the part of the
connection between the client and the FortiGate unit. The segment
between the FortiGate unit and the server will use clear text
communications. This results in best performance, but cannot be
used in failover configurations where the failover path does not have
an SSL accelerator.
•
Client <-> FortiGate <-> Server
Select to apply hardware accelerated SSL to both parts of the
connection: the segment between client and the FortiGate unit, and
the segment between the FortiGate unit and the server. The segment
between the FortiGate unit and the server will use encrypted
communications, but the handshakes will be abbreviated. This results
in performance which is less than the other option, but still improved
over communications without SSL acceleration, and can be used in
failover configurations where the failover path does not have an SSL
accelerator. If the server is already configured to use SSL, this also
enables SSL acceleration without requiring changes to the server’s
configuration.
SSL 3.0, TLS 1.0, and TLS 1.1 are supported.
SSL Offloading
appears only if
HTTPS
or
SSL
are selected for
Type
, and
only on FortiGate models with hardware that supports SSL acceleration.
Note
: Additional SSL Offloading options are available in the CLI. For
more information, see the
FortiGate CLI Reference
.
Certificate
Select the certificate to use with
SSL Offloading
. The certificate key size
must be 1024 or 2048 bits. 4096-bit keys are not supported.
This option appears only if
HTTPS
or
SSL
are selected for
Type
, and is
available only if
SSL Offloading
is selected.
Health Check
Select which health check monitor configuration will be used to
determine a server’s connectivity status.
For information on configuring health check monitors, see
health check monitors” on page 393
.
Comments
Any comments or notes about this virtual server.
Create New
Select to add real servers. For more information, see
IP Address
Select the blue arrow beside a virtual server name to view the IP
addresses of the real servers that are bound to it.
Port
The port number on the destination network to which the external port
number is mapped.
Edit
Delete
Содержание Gate 60D
Страница 678: ...Reports Log Report FortiGate Version 4 0 Administration Guide 678 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 704: ...Index FortiGate Version 4 0 Administration Guide 704 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 705: ...www fortinet com...
Страница 706: ...www fortinet com...