If you expect a backend server to be unavailable for a long period, such as when it is undergoing hardware repair, when it is experiencing extended downtime, or when you have removed it from the server farm, you can improve the performance of the FortiADC system by setting the status of the pool member to Disabled, rather than allowing the system to continue to attempt health checks.
Predefined | Description |
LB_HLTHCK_HTTP | Sends a HEAD request to the server port 80. Expects the server to return an HTTP 200. |
LB_HLTHCK_HTTPS | Sends a HEAD request to the server port 443. Expects the server to return an HTTP 200. |
LB_HLTHCK_ICMP | Pings the server. |
LB_HLTHCK_TCP_ECHO | Sends a TCP echo to server port 7. Expects the server to respond with the corresponding TCP echo. |
Settings | Guidelines |
General | |
<name> | Configuration name. No spaces or special characters. After you initially save the configuration, you cannot edit the name. |
type | Specify the health check type. After you have specified the type, the CLI commands are constrained to the ones that are applicable to the specified type, not all of the settings described in this table. |
dest-addr | Optional. If no destination IP address is specified, the real server health check is sent to the real server IP address and the gateway link health check is sent to the ISP link IP address. If you are creating rules that test related servers or a test to a “beacon” server, specify the destination IP address. If testing an HTTP proxy, specify the proxy address, not the remote server address. |
dest-addr-type | • IPv4 • IPv6 |
interval | Seconds between each health check. Should be more than the timeout to prevent overlapping health checks. The default is 10. |
retry | Attempts to retry the health check to confirm availability. The default is 1. |
timeout | Seconds to wait for a reply before assuming that the health check has failed. The default is 5. |
up-retry | Attempts to retry the health check to confirm availability. The default is 1. |
ICMP | |
No specific options | Simple ping to test connectivity. |
TCP / TCP Half Open / TCP SSL | |
port | Listening port number of the backend server. Usually HTTP is 80, FTP is 21, DNS is 53, POP3 is 110, IMAP4 is 143, RADIUS is 1812, and SNMP is 161 or 162. |
HTTP/HTTPS | |
port | Listening port number of the backend server. Usually HTTP is 80. If testing an HTTP proxy server, specify the proxy port. |
method-type | HTTP method for the test traffic: • HTTP GET—Send an HTTP GET request to the server. A response to an HTTP GET request includes HTTP headers and HTTP body. • HTTP HEAD—Send an HTTP HEAD request. A response to an HTTP HEAD request includes HTTP headers only. |
send-string | The request URL, such as /contact.php. |
receive-string | A string expected in return when the HTTP GET request is successful. |
status-code | The health check sends an HTTP request to the server. Specify the HTTP status code in the server reply that indicates a successful test. Typically, you use status code 200 (OK). Other status codes indicate errors. |
match-type | What determines a failed health check? • Match String • Match Status • Match All (match both string and status). Not applicable when using HTTP HEAD. HTTP HEAD requests test status code only. |
http-connect | If the real server pool members are HTTP proxy servers, specify an HTTP CONNECT option. • local_connect—Use HTTP CONNECT to test the tunnel connection through the proxy to the remote server. The member is deemed available if the request returns status code 200 (OK). • remote_connect—Use HTTP CONNECT to test both the proxy server response and remote server application availability. If you select this option, you can configure an HTTP request within the tunnel. For example, you can configure an HTTP GET/HEAD request to the specified URL and the expected response. • no_connect—Do not use the HTTP CONNECT method. This option is the default. The HTTP CONNECT option is useful to test the availability of proxy servers only. |
remote-host | If you use HTTP CONNECT to test proxy servers, specify the remote server IP address. |
remote-port | If you use HTTP CONNECT to test proxy servers, specify the remote server port. |
DNS | |
port | Listening port number of the backend server. Usually DNS is 53. |
addr-type | • IPv4 • IPv6 |
domain-name | The FQDN, such as www.example.com, to use in the DNS A/AAAA record health check. |
host-addr | IP address that matches the FQDN, indicating a successful DNS health check. |
RADIUS / RADIUS Accounting | |
port | Listening port number of the backend server. Usually RADIUS is 1812 and RADIUS accounting is 1813. |
nas-ip | NAS IP address. |
username | User name of an account on the backend server. |
password | The corresponding password. |
password-type | • User—If the backend server does not use CHAP, select this option. • CHAP—If the backend server uses CHAP and does not require a secret key, select this option. |
secret-key | The secret set on the backend server. |
SMTP | |
port | Listening port number of the backend server. Usually SMTP is 25. |
domain-name | The FQDN, such as www.example.com, to use in the SMTP health check. |
POP3 | |
port | Listening port number of the backend server. Usually POP3 is 110. |
username | User name of an account on the backend server. |
password | The corresponding password. |
IMAP4 | |
port | Listening port number of the backend server. Usually IMAP4 is 143. |
username | User name of an account on the backend server. |
password | The corresponding password. |
folder | Specify a mail folder name. The default is INBOX. |
FTP | |
port | Listening port number of the backend server. Usually FTP is 21. |
username | User name of an account on the backend server. |
password | The corresponding password. |
file | Specify a file that exists on the backend server. Path is relative to the initial login path. If the file does not exist or is not accessible, the health check fails. |
passive | Select this option if the backend server uses passive FTP. |
SNMP | |
port | Listening port number of the backend server. Usually SNMP is 161. |
agent-type | • UCD • Windows 2000 |
community | The SNMP community string set on the backend server. If this does not match, and the appliance is not configured as an SNMP manager for the backend server, all health checks fail. |
cpu | Maximum normal CPU usage. If overburdened, the health check fails. |
disk | Maximum normal disk usage. If the disk is too full, the health check fails. |
mem | Maximum normal RAM usage. If overburdened, the health check fails. |
version | SNMP v1 or v2c. |
SSH | |
port | Listening port number of the backend server. Usually SSH is 22. |
username | Username for test login. |
password | Corresponding password. |
L2 Detection | |
No specific options | Link Layer health checker. Sends ARP (IPv4) or NDP (IPv6) packets to test whether a physically connected system is available. |
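
The HTTP/HTTPS settings above (method-type, send-string, receive-string, status-code, match-type) and the interval/timeout guideline can be modelled as follows. This is an added example, not FortiADC code or CLI syntax: the `HttpCheck` class, the function names and the lowercase match-type values are hypothetical, and the degraded reply is constructed. It shows that a status-only check passes a server that returns 200 while its application is broken, whereas Match All does not.

```python
# Added example, not FortiADC code; names are hypothetical and mirror the table.
import http.client
from dataclasses import dataclass

@dataclass
class HttpCheck:
    method_type: str = "HEAD"    # "GET" or "HEAD"
    send_string: str = "/"       # request URL
    receive_string: str = ""     # text expected in a GET reply
    status_code: int = 200
    match_type: str = "status"   # "string", "status" or "all"
    port: int = 80
    interval: int = 10
    timeout: int = 5

def lint(c):
    """Flag settings that contradict the guidelines in the table."""
    issues = []
    if c.interval <= c.timeout:
        issues.append("interval should exceed timeout or checks overlap")
    if c.method_type == "HEAD" and c.match_type != "status":
        issues.append("HEAD tests the status code only; string match not applicable")
    if c.method_type == "GET" and c.match_type != "status" and not c.receive_string:
        issues.append("string match selected but receive-string is empty")
    return issues

def evaluate(c, status, body):
    """Apply match-type to one reply (HEAD replies have no body to match)."""
    status_ok = status == c.status_code
    if c.method_type == "HEAD" or c.match_type == "status":
        return status_ok
    string_ok = bool(c.receive_string) and c.receive_string in body
    return string_ok if c.match_type == "string" else (status_ok and string_ok)

def probe(host, c):
    """One live check; a timeout or connection error is a failed check."""
    try:
        conn = http.client.HTTPConnection(host, c.port, timeout=c.timeout)
        conn.request(c.method_type, c.send_string)
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace")
        conn.close()
    except (OSError, http.client.HTTPException):
        return False
    return evaluate(c, resp.status, body)

# Constructed reply: the web tier answers 200 while its database is down.
DEGRADED = (200, "<h1>Service error: database unavailable</h1>")
MATCH_ALL = HttpCheck("GET", "/contact.php", "Contact us", 200, "all")
```

`evaluate(HttpCheck(), *DEGRADED)` is true while `evaluate(MATCH_ALL, *DEGRADED)` is false, so the default HEAD/status check would keep the degraded member in rotation.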