config : server-policy health
 
server-policy health
Use this command to configure server health checks.
Tests for server responsiveness (called “server health checks” in the web UI) poll web servers that are members of a server pool to determine their availability before forwarding traffic. Server health checks can use TCP, HTTP/HTTPS, or ICMP ECHO_REQUEST (ping).
The FortiWeb appliance polls the server at the frequency set in the interval <seconds_int> option. If the appliance does not receive a reply within the timeout period, and you have configured the health check to retry, it attempts a health check again; otherwise, the server is deemed unresponsive. The FortiWeb appliance reacts to unresponsive servers by disabling traffic to that server until it becomes responsive.
 
If a back-end server will be unavailable for a long period, such as when a server is undergoing hardware repair, it is experiencing extended downtime, or when you have removed a server from the server pool, you can improve the performance of your FortiWeb appliance by disabling the back-end server, rather than allowing the server health check to continue to check for responsiveness. For details, see “config server-policy server-pool”.
To apply server health checks, select them in a server pool configuration. For details, see “config server-policy server-pool”.
To use this command, your administrator account’s access control profile requires either w or rw permission to the traroutegrp area. For more information, see “Permissions”.
Syntax
config server-policy health
edit <health-check_name>
set type {http | ping | tcp}
set interval <seconds_int>
set retry-times <retries_int>
set time-out <seconds_int>
set url-path <request_str>
set regular <regex_pattern>
set trigger <trigger-policy_name>
next
end
Variable
Description
Default
<health-check_name>
Type the name of the server health check. The maximum length is 35 characters.
To display the list of existing server health checks, type:
edit ?
No default.
type {http | ping | tcp}
Type either:
http — Send an HTTP/HTTPS request, and listen for an HTTP/HTTPS response code 200 OK and page content matching url-path <request_str> indicating responsiveness, or timeout indicating that the host is not responsive.
The protocol used depends on whether you enable ssl {enable | disable} for that server in the server farm.
ping — Send ICMP type 8 (ECHO_REQUEST) and listen for either ICMP type 0 (ECHO_RESPONSE) indicating responsiveness, or timeout indicating that the host is not responsive.
tcp — Send TCP SYN and listen for either TCP SYN ACK indicating responsiveness, or timeout indicating that the host is not responsive.
ping
interval <seconds_int>
Type the number of seconds between each server health check. The valid range is from 1 to 10 seconds.
5
retry-times <retries_int>
Type the number of times, if any, a failed health check will be retried before the server is determined to be unresponsive. The valid range is from 1 to 10 retries.
5
time-out <seconds_int>
Type the number of seconds which must pass after the server health check to indicate a failed health check. The valid range is from 1 to 10 seconds.
10
regular <regex_pattern>
Type the content that must be present in the HTTP reply to indicate proper server connectivity. You can use a regular expression. The maximum length is 255 characters.
This option appears only when type is http.
No default.
trigger <trigger-policy_name>
Type the name of the trigger to apply when the health check detects a failed server (see “config log trigger-policy”). The maximum length is 35 characters.
To display the list of existing trigger policies, type:
set trigger ?
No default.
url-path <request_str>
Type the URL, such as /index.html, that will be used in the HTTP/HTTPS GET request to verify the responsiveness of the server.
If the web server successfully returns this URL, and its content matches your expression in regular <regex_pattern>, it is considered to be responsive.
This setting is available when type is http.
No default.
Example
This example configures a server health check that periodically requests the main page of the web site, /index. If a physical server does not successfully return that page (which contains the word “About”) every five seconds (the default), and fails the check at least three times in a row, it will be deemed unresponsive and the FortiWeb appliance will forward subsequent HTTP requests to other physical servers in the server farm.
config server-policy health
edit status_check1
set retry-times 3
set type http
set url-path "/index"
set regular "About"
set trigger-policy "notification-servers1"
next
end
Related topics
config server-policy server-pool
config server-policy policy
config log trigger-policy