config load-balance : config load-balance health-check
 
config load-balance health-check
Use this command to create health check configuration objects.
The system uses health checks to poll the backend real servers to test whether an application is available. If a server fails a health check and retries also fail, it is deemed unavailable. The ADC does not send it connections until it is deemed available.
 
If you expect a backend server is going to be unavailable for a long period, such as when it is undergoing hardware repair, it is experiencing extended down time, or when you have removed it from the server farm, you can improve the performance of the FortiADC system by setting the status of the pool member to Disabled, rather than allowing the system to continue to attempt health checks.
Table 8 describes the predefined health checks. You can get started with these or create custom objects.
Table 8: Predefined health check configuration objects
Predefined
Description
LB_HLTHCK_HTTP
Sends a HEAD request to the server port 80. Expects the server to return an HTTP 200.
LB_HLTHCK_HTTPS
Sends a HEAD request to the server port 443. Expects the server to return an HTTP 200.
LB_HLTHCK_ICMP
Pings the server.
LB_HLTHCK_TCP_ECHO
Sends a TCP echo to server port 7. Expects the server to respond with the corresponding TCP echo.
Before you begin:
You must have a good understanding of TCP/IP and knowledge of the services running on your backend servers.
You must know the IP address, port, and configuration details for the applications running on backend servers. For some application protocol checks, you must specify user credentials.
You must have read-write permission for load balancing settings.
After you have configured a health check, you can select it in the real server configuration.
Syntax
config load-balance health-check
edit <name>
set type {dns | ftp | http | https | icmp | imap4 | pop3 | radacct | radius | smtp | snmp | tcp | tcp-echo | tcphalf | tcpssl}
set interval <integer>
set retry <integer>
set timeout <integer>
set up-retry <integer>
set addr-type {ivp4|ipv6}
set domain-name <string>
set host-addr <class_ip>
set port <integer>
set file <string>
set passive {enable|disable}
set username <string>
set password <passwd>
set match-type {match_all | match_status | match_string}
set method-type {http_get | http_head}
set send-string <string>
set receive-string <string>
set status-code <integer>
set nas-ip <string>
set password-type {user-password | chap-password}
set secret-key <string>
set agent-type {UCD|WIN2000}
set community <string>
set cpu <integer>
set disk <integer>
set mem <integer>
set version {v1|v2c}
next
end
type
Specify the health check type. After you have specified the type, the CLI commands are constrained to the ones that are applicable to the specified type, not all of the settings described in this table.
interval
Seconds between each health check. Should be more than the timeout to prevent overlapping health checks. The default is 10.
retry
Attempts to retry the health check to confirm availability. The default is 1.
timeout
Seconds to wait for a reply before assuming that the health check has failed. The default is 5.
up-retry
Attempts to retry the health check to confirm availability. The default is 1.
addr-type
IPv4
IPv6
domain-name
The FQDN, such as www.example.com, to use in the SMTP or DNS A/AAAA record health check.
host-addr
IP address that matches the FQDN, indicating a successful DNS health check.
port
Listening port number of the backend server. Usually HTTP is 80, FTP is 21, DNS is 53, POP3 is 110, IMAP4 is 143, RADIUS is 1812, and SNMP is 161 or 162.
file
Specify a file that exists on the backend server. Path is relative to the initial login path. If the file does not exist or is not accessible, the health check fails.
passive
Enable this option if the backend server uses passive FTP.
username
User name of an account on the backend server.
password
The corresponding password.
match-type
What determines a failed health check?
Match String
Match Status
Match All (match both string and status)
method-type
HTTP method for the test traffic:
HTTP Get
HTTP Head
send-string
A URL, such as /contact.php.
receive-string
A string expected in return when the request is successful.
status-code
HTTP status code that the server replies with when the request is successful. Except 200 (OK), most statuses indicate errors.
nas-ip
IP address for RADIUS server.
password-type
User—If the backend server does not use CHAP, select this option.
CHAP—If the backend server uses CHAP and does not require a secret key, select this option.
secret-key
The secret set on the backend server.
agent-type
UCD
Windows 2000
community
The SNMP community string set on the backend server. If this does not match, and the appliance is not configured as an SNMP manager for the backend server, all health checks fail.
cpu
Maximum normal CPU usage. If overburdened, the health check fails.
disk
Maximum normal disk usage. If the disk is too full, the health check fails.
mem
Maximum normal RAM usage. If overburdened, the health check fails.
version
SNMP v1 or v2c.
Example
FortiADC-VM # config load-balance health-check
FortiADC-VM (health-check) # edit lb-health-check
Add new entry 'lb-health-check' for node 1669
FortiADC-VM (lb-health~c) # set type ?
dns dns
ftp ftp
http http
https https
icmp icmp
imap4 imap4
pop3 pop3
radacct radacct
radius radius
smtp smtp
snmp snmp
tcp tcp
tcp-echo tcp-echo
tcphalf tcphalf
tcpssl tcpssl
FortiADC-VM (lb-health~c) # set type snmp
FortiADC-VM (lb-health~c) # get
type : snmp
interval : 10
timeout : 5
retry : 1
up-retry : 1
port : 0
cpu : 96
mem : 96
disk : 96
agent-type : UCD
community :
version : v1
FortiADC-VM (lb-health~c) # set community community-string
FortiADC-VM (lb-health~c) # set port 161
FortiADC-VM (lb-health~c) # set cpu 50
FortiADC-VM (lb-health~c) # set mem 50
FortiADC-VM (lb-health~c) # set disk 50
FortiADC-VM (lb-health~c) # get
type : snmp
interval : 10
timeout : 5
retry : 1
up-retry : 1
port : 161
cpu : 50
mem : 50
disk : 50
agent-type : UCD
community : community-string
version : v1
FortiADC-VM (lb-health~c) # end