config : server-policy health
 
server-policy health
Use this command to configure server health checks.
Tests for server responsiveness (called “server health checks” in the web UI) poll web servers that are members of a server pool to determine their availability before forwarding traffic. Server health checks can use TCP, HTTP/HTTPS, or ICMP ECHO_REQUEST (ping).
The FortiWeb appliance polls the server at the frequency set in the interval <seconds_int> option. If the appliance does not receive a reply within the timeout period, and you have configured the health check to retry, it attempts a health check again; otherwise, the server is deemed unresponsive. The FortiWeb appliance reacts to unresponsive servers by disabling traffic to that server until it becomes responsive.
 
If a back-end server will be unavailable for a long period, such as when a server is undergoing hardware repair, it is experiencing extended downtime, or when you have removed a server from the server pool, you can improve the performance of your FortiWeb appliance by disabling the back-end server, rather than allowing the server health check to continue to check for responsiveness. For details, see “config server-policy server-pool”.
To apply server health checks, select them in a server pool configuration. For details, see “config server-policy server-pool”.
To use this command, your administrator account’s access control profile requires either w or rw permission to the traroutegrp area. For more information, see “Permissions”.
Syntax
config server-policy health
edit <health-check_name>
set trigger <trigger-policy_name>
set relationship {and |or}
configure health-list
edit <entry_index>
set type {icmp | tcp | http | https}
set time-out <seconds_int>
set retry-times <retries_int>
set interval <seconds_int>
set url-path <request_str>
set method {get | head | post}
set match-type {response-code | match-content | all}
set response-code {response-code_int}
set match-content {match-content_str}
next
end
 
Variable
Description
Default
<health-check_name>
Type the name of the server health check. The maximum length is 35 characters.
To display the list of existing server health checks, type:
edit ?
No default.
trigger <trigger-policy_name>
Type the name of the trigger to apply when the health check detects a failed server (see “config log trigger-policy”). The maximum length is 35 characters.
To display the list of existing trigger policies, type:
set trigger ?
No default.
relationship {and |or}
and — FortiWeb considers the server to be responsive when it passes all the tests in the list.
or — FortiWeb considers the server to be responsive when it passes at least one of the tests in the list.
and
<entry_index>
Type the index number of the individual rule in the table. The valid range is from 1 to 16.
No default.
type {icmp | tcp | http | https}
icmp — Send ICMP type 8 (ECHO_REQUEST) and listen for either ICMP type 0 (ECHO_RESPONSE) indicating responsiveness, or timeout indicating that the host is not responsive.
tcp — Send TCP SYN and listen for either TCP SYN ACK indicating responsiveness, or timeout indicating that the host is not responsive.
http — Send an HTTP request and listen for the code specified by response-code, the page content specified by match-content, or both the code and the content, or timeout indicating that the host is not responsive.
Apply to server pool members only if the SSL setting for the member is disabled.
http — Send an HTTP request and listen for the code specified by response-code, the page content specified by match-content, or both the code and the content, or timeout indicating that the host is not responsive.
Apply to server pool members only if the SSL setting for the member is enabled.
ping
time-out <seconds_int>
Type the number of seconds which must pass after the server health check to indicate a failed health check. The valid range is from 1 to 10 seconds.
3
retry-times <retries_int>
Type the number of times, if any, a failed health check will be retried before the server is determined to be unresponsive. The valid range is from 1 to 10 retries.
3
interval <seconds_int>
Type the number of seconds between each server health check. The valid range is from 1 to 10 seconds.
10
url-path <request_str>
Type the URL, such as /index.html, that FortiWeb uses in the HTTP/HTTPS request to verify the responsiveness of the server.
If the web server successfully returns this URL, and its content matches the expression specified by match-content, FortiWeb considers it to be responsive.
Available when type is http or https.
No default.
method {get | head | post}
Specify whether the health check uses the HEAD, GET, or POST method.
Available when type is http or https.
get
match-type {response-code | match-content | all}
response-code — If the web server successfully returns the URL specified by url-path and the code specified by response-code, FortiWeb considers the server to be responsive.
match-content — If the web server successfully returns the URL specified by url-path and its content matches the match-content value, FortiWeb considers the server to be responsive.
all — If the web server successfully returns the URL specified by url-path and its content matches the match-content value, and the code specified by response-code, FortiWeb considers the server to be responsive.
Available when type is http or https.
match-content
response-code {response-code_int}
Enter the response code that you require the server to return to confirm that it is available, if match-type is response-code or all.
Available when type is http or https.
200
match-content {match-content_str}
Enter a regular expression that matches the content that must be present in the HTTP reply to indicate proper server connectivity, if match-type is match-content or all.
Available when type is http or https.
No default.
Example
This example configures a server health check that periodically requests the main page of the web site, /index. If a physical server does not successfully return that page (which contains the word “About”) every 10 seconds (the default), and fails the check at least three times in a row, FortiWeb considers it unresponsive and forwards subsequent HTTP requests to other physical servers in the server farm.
config server-policy health
edit status_check1
set trigger-policy "notification-servers1"
configure health-list
edit 1
set type http
set retry-times 3
set url-path "/index"
set method get
set match-type match-content
set regular "About"
next
end
Related topics
config server-policy server-pool
config server-policy policy
config log trigger-policy