Configuring a Virtual Service
This section describes how to configure a virtual service on the web UI.
Configuring a Virtual Service
- Choose .
- Click Add in Virtual Service List.
- Configure SLB.
Parameter
Description
Name
Name of a virtual server.
Protocol
Protocol type supported by a virtual server.
By default, a virtual server supports all protocols (Any).
The drop-down list lists the protocols supported by the FW:
- TCP
- UDP
- HTTP
- HTTPS
- SSL
- ESP
To improve server security, you are advised to set the protocol type based on services.
SSL Offload Profile
SSL uninstallation profile can be configured only when the protocol is HTTPS.
SSL uninstallation profile can be configured to reduce the SSL encryption/decryption payload of the intranet server and implement refined distribution of HTTPS packets.
By default, the SSL uninstallation profile is "--NONE--". That is, no SSL uninstallation is performed.
Virtual Server IP Address
IP address of a virtual server.
The destination IP address of a service request is the IP address of a virtual server.
Multiple IP addresses can be set for a virtual server to provide services for different network segments.
Virtual Server Port
Port number of a virtual server.
By default, a virtual server uses a random port number (any).
The drop-down list lists the commonly used protocols (SNMP, SNMP-TRAP). The port number is automatically displayed after a protocol is chosen. If other port numbers are used, choose Other in the drop-down list, and fill the port number in the following text box.
NOTE:When the virtual server protocol types are Any and ESP, the port number of the virtual server cannot be configured.
Sticky Session
Sticky session method.
The default sticky session mode is --NONE--. That is, the sticky session function is disabled.
If the virtual server protocol is SSL, the sticky session mode can be SSL Session ID or Source IP. If the virtual server protocol is HTTP or HTTPS (SSL uninstallation is configured for HTTPS), the sticky session mode can be HTTP Cookie or Source IP. If the virtual server protocol is another protocol, the sticky session mode can only be Source IP.
If clients access the server through the proxy or Source NAT, the sticky session mode Source IP is not preferred. If Source IP is set, the connections of all clients are allocated to one real server, causing server load unbalancing.
HTTP Scheduling Policy
Choose an HTTP scheduling policy.
The HTTP scheduling policy configures the scheduling policy based on the matching conditions of the initial field (including URL, Referer, Host, and Cookie) of HTTP and HTTPS. Each virtual server can reference a maximum number of eight HTTP scheduling policy profiles. The priority is matched according to the reference sequence. If an HTTP scheduling policy profile of high priority is matched successfully, it does not go on matching.
The HTTP scheduling policy can be configured only when the protocol is HTTP or HTTPS (SSL uninstallation must be configured for HTTPS).
Real Server Group
Select a real server group.
Associate the virtual server with the real server group.
NOTE:If service traffic matches an HTTP Scheduling Policy, the FW preferentially allocates the service traffic to the real server group configured in the HTTP scheduling policy.
Fallback Host
Configure the fallback host of a virtual server.
When the function is enabled, the device redirects the client-side access requests to the fallback host when no real server is available in the real server group associated with the virtual server.
The fallback host function can be configured only when the virtual server protocol is HTTP or HTTPS (SSL offloading is required for HTTPS).
Keep Client IP Address
After this function is enabled, the FW inserts the X-Forwarded-For field into the HTTP header of each HTTP packet sent from the client. This field carries the real IP address of the client to the real server that supports X-Forwarded-For.
This item can be configured only when the virtual server protocol is HTTP or HTTPS (SSL uninstallation must be configured for HTTPS).
If FW translates the source addresses of the traffic destined to the real server, use the source NAT function of the server load balancing module instead of the global source NAT function. Otherwise, the address stickiness function of the client cannot take effect.
Max. Concurrent Connections
Maximum number of connections on a virtual server.
- Click OK.
Virtual Service List displays the new virtual service.
Virtual Service List
After virtual service is configured, the administrator can view the virtual service and observe traffic processing by the virtual server in the past five minutes under the Virtual Service List.
Within the first five minutes after the server load balancing function is enabled, the parameters under the 5-Minute Statistics are empty; after five minutes, you can click Refresh to display the statistic values. The system automatically collects statistics on the values for the past five minutes every five minutes. You can click Refresh to view the statistics.
Parameter |
Description |
|
|---|---|---|
Name |
Name of a virtual server. |
|
Protocol |
Protocol type supported by a virtual server. |
|
Virtual Server IP Address |
IP address and port number of a virtual server. |
|
5-Minute Statistics |
Traffic |
Service traffic processed by a virtual server in the past five minutes. |
session |
Total number of sessions in a virtual server in the past five minutes. |
|
Concurrent Sessions |
Real-time number of sessions on a virtual server. |
|
Sticky Session |
Sticky session method. |
|
HTTP Scheduling policy |
Name of an HTTP scheduling policy. |
|
Real Server Group |
Name of a real server group. |
|
Max. Concurrent Connections |
Maximum number of connections on a virtual server. |
|
Edit |
Change the configuration of server load balancing. |
|