Published on

How to use Fortigate Load Balancer

  • avatar

1 Enable Load Balance Feature


2 Import a Certificate

You can import your own certificate to implement your custom https connection


3 Create a Virtual Server

Create a http virtual server

If you do not have your own certificate and do not want to use fortigate default certificate, you can set to http type FortiVirtualServer

Create a https virtual server

If you import your own certificate, your can set to https type and select your own certificate; otherwise, your can use fortigate default certificate to implement a https connection FortiVirtualServerHttps

SSL Mode:

  • Client <-> FortiGate: Client(https) --> Fortigate(https) --> Server(http)
  • Full: Client(https) --> Fortigate(https) --> Server(https)

4 Redirect http to https

Add a Firewall Policy to redirect 80 to 443 so that client can auto access to from


5 Use virtual server to create firewall policy

You must select Proxy-based mode so that you can find virtual server in policy Destination


6 Add DNS Record

Add and's type A resolution to Fortigate WAN IP.

7 Summary

Finally, you can implement an architecture like that:


In my case, the IP is a real server in internal network, but IP is a SLB in AlibabaCloud