If you expect a backend server is going to be unavailable for a long period, such as when it is undergoing hardware repair, it is experiencing extended down time, or when you have removed it from the server farm, you can improve the performance of the FortiADC system by setting the status of the pool member to Disabled, rather than allowing the system to continue to attempt health checks. |
Predefined | Description |
LB_HLTHCK_HTTP | Sends a HEAD request to the server port 80. Expects the server to return an HTTP 200. |
LB_HLTHCK_HTTPS | Sends a HEAD request to the server port 443. Expects the server to return an HTTP 200. |
LB_HLTHCK_ICMP | Pings the server. |
LB_HLTHCK_TCP_ECHO | Sends a TCP echo to server port 7. Expects the server to respond with the corresponding TCP echo. |
• ICMP • TCP Echo • TCP • HTTP • HTTPS • DNS • RADIUS • SMTP • POP3 | • IMAP4 • RADIUS Accounting • FTP • TCP Half Open • TCP SSL • SNMP • SSH • L2 Detection |
You can clone a predefined configuration object to help you get started with a user-defined configuration. To clone a configuration object, click the clone icon that appears in the tools column on the configuration summary page. |
Settings | Guidelines |
General | |
Name | Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. After you initially save the configuration, you cannot edit the name. |
Destination Address Type | • IPv4 • IPv6 |
Destination Address | IP address to send health check traffic. In server load balancing deployments, if you do not specify an IP address, the real server IP address is used. You might configure IP address for a health check if you are configuring a combination of health checks to poll related servers. In link load balancing deployments, if you do not specify an IP address, the destination IP address is the address of the gateway. You can configure IP address if you want to test connectivity to a beacon on the other side of the gateway, or if you want to test whether service traffic is allowed to pass through the link. |
Interval | Seconds between each health check. Should be more than the timeout to prevent overlapping health checks. The default is 10. |
Timeout | Seconds to wait for a reply before assuming that the health check has failed. The default is 5. |
Up Retry | Attempts to retry the health check to confirm availability. The default is 1. |
Down Retry | Attempts to retry the health check to confirm availability. The default is 1. |
ICMP | |
No specific options | Simple ping to test connectivity. |
TCP / TCP Half Open / TCP SSL | |
Port | Listening port number of the backend server. Usually HTTP is 80, FTP is 21, DNS is 53, POP3 is 110, IMAP4 is 143, RADIUS is 1812, and SNMP is 161. |
HTTP/HTTPS | |
Port | Listening port number of the backend server. Usually HTTP is 80. |
Send String | A URL, such as /contact.php. |
Receive String | A string expected in return when the request is successful. |
Status Code | The health check sends an HTTP request to the server. Specify the HTTP status code in the server reply that indicates a successful test. Typically, you use status code 200 (OK). Other status codes indicate errors. |
Match Type | What determines a failed health check? • Match String • Match Status • Match All (match both string and status) |
Method Type | HTTP method for the test traffic: • HTTP Get • HTTP Head |
DNS | |
Domain Name | The FQDN, such as www.example.com, to use in the DNS A/AAAA record health check. |
Address Type | • IPv4 • IPv6 |
Host Address | IP address that matches the FQDN, indicating a successful health check. |
RADIUS / RADIUS Accounting | |
Port | Listening port number of the backend server. Usually RADIUS is 1812 and RADIUS accounting is 1813. |
Username | User name of an account on the backend server. |
Password | The corresponding password. |
Password Type | • User—If the backend server does not use CHAP, select this option. • CHAP—If the backend server uses CHAP and does not require a secret key, select this option. |
Secret Key | The secret set on the backend server. |
NAS IP Address | NAS IP address RADIUS attribute (if the RADIUS server requires this attribute to make a connection). |
SMTP | |
Port | Listening port number of the backend server. Usually SMTP is 25. |
Domain Name | The FQDN, such as www.example.com, to use in the SMTP HELO request used for health checks. If the response is OK (250), the server is considered as up. If there is error response (501) or no response at all, the server is considered down. |
POP3 | |
Port | Listening port number of the backend server. Usually POP3 is 110. |
Username | User name of an account on the backend server. |
Password | The corresponding password. |
IMAP4 | |
Port | Listening port number of the backend server. Usually IMAP4 is 143. |
Username | User name of an account on the backend server. |
Password | The corresponding password. |
Folder | Select an email mailbox to use in the health check. If the mailbox does not exist or is not accessible, the health check fails. The default is INBOX. |
FTP | |
Port | Listening port number of the backend server. Usually FTP is 21. |
User name | User name of an account on the backend server. |
Password | The corresponding password. |
File | Specify a file that exists on the backend server. Path is relative to the initial login path. If the file does not exist or is not accessible, the health check fails. |
Passive | Select this option if the backend server uses passive FTP. |
SNMP | |
Port | Listening port number of the backend server. Usually SNMP is 161 or 162. |
CPU % | Maximum normal CPU usage. If overburdened, the health check fails. |
Memory % | Maximum normal RAM usage. If overburdened, the health check fails. |
Disk % | Maximum normal disk usage. If the disk is too full, the health check fails. |
Agent type | • UCD • Windows 2000 |
Community | The SNMP community string set on the backend server. If this does not match, and the appliance is not configured as an SNMP manager for the backend server, all SNMP health checks fail. |
Version | SNMP v1 or v2c. |
SSH | |
Port | Listening port number of the backend server. Usually SSH is 22. |
Username | Username for test login. |
Password | Corresponding password. |
L2 Detection | |
No specific options | Link Layer health checker. Sends ARP (IPv4) or NDP (IPv6) packets to test whether a physically connected system is available. |