FortiGate does not work with a load balancer.

Thomasaw · 04-20-2023 12:25 AM

Hi, my fortigate-vm under an LB doesn't work.
It seems FG-VM does not answer to the health check(TCP/80).

■Composition
Internet --- (Public IP) LB (LAN IP) --- (LAN IP) FortiGate-VM

I would like to connect the public IP and see FortiGate web console page.

Can anybody have an idea?

Marvin_Lucero

Hi @Thomasaw ,

What type of load balancer are you using? If you are currently using a TCP load balancer, According to this documentation, you will not be able to set up the port 20443 as they are not supported. I would recommend using a network load balancer instead, as that will allow you to use the ports you specified for the health check.

Thomasaw

Hi @Marvin_Lucero ,

Thank you for your comment. I am using TCP external network load balancing service.

Is it the same as your recommendation LB?

Marvin_Lucero

Hi @Thomasaw ,

No, what you're using, based from the screenshot is a TCP load balancer.

Andrew_Tyt

HI,

I think you forgot to create FW rules for a health check: https://cloud.google.com/load-balancing/docs/firewall-rules and your instance looks down for LB

Best regards

Andrew