Defining your web servers & load balancers : Defining your web servers : Configuring server up/down checks
 
Configuring server up/down checks
Tests for server availability (called “server health checks” in the web UI) poll web servers that are members of a server pool to determine their responsiveness before forwarding traffic. Server health checks can use TCP, HTTP/HTTPS, or ICMP ECHO_REQUEST (ping).
FortiWeb polls the server at the frequency set in the Interval option. If the appliance does not receive a reply within the timeout period, and you have configured the health check to retry, it attempts a health check again; otherwise, the server is deemed unresponsive. The FortiWeb appliance reacts to unresponsive servers by disabling traffic to that server until it becomes responsive.
 
If a web server will be unavailable for a long period, such as when a server is undergoing hardware repair, it is experiencing extended down time, or when you have removed a server from the server pool, you may improve the performance of your FortiWeb appliance by disabling connectivity to the web server, rather than allowing the server health check to continue to check for responsiveness. For details, see “Enabling or disabling traffic forwarding to your servers”.
You can create a health check, use one of the predefined health checks, or clone one of the predefined health checks to use as a starting point for a custom health check. (You cannot modify the predefined health checks.)
To simplify health check creation, FortiWeb provides predefined health checks for each of the available protocols. Each predefined health check contains a single rule that specifies one of the available protocols. For example, instead of creating a health check that uses ICMP, you can apply HLTHCK_IMCP.
HLTHCK_HTTP and HLTHCK_HTTPS health checks test server responsiveness using the HEAD method and listening for the response code 200.
Your health check can use more than protocol to check server responsiveness. You can specify that a server is available if it passes a single test in the list of tests or only if it passes all the tests.
To view the status currently detected by server health checks, use the Policy Status dashboard. For details, see “Policy Status dashboard”.
To configure a server health check
1. Before configuring a server health check, if it requires a trigger, configure the trigger. For details, see “Configuring triggers”.
2. Go to Server Objects > Server > Health Check.
To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Server Policy Configuration category. For details, see “Permissions”.
3. Do one of the following:
To create a health check, click Create New.
To create a health check based on a predefined health check, select a predefined health check, click Clone, and then enter a name for the new health check.
4. Configure these settings:
Setting name
Description
Name
Type a unique name that can be referenced in other parts of the configuration. Do not use spaces or special characters. The maximum length is 35 characters.
Note: The name cannot be changed after this part of the configuration is saved. To rename a part of the configuration, clone it, select it in all parts of the configuration that reference the old name, then delete the item with the old name.
Relationship
And — FortiWeb considers the server to be responsive when it passes all the tests in the list.
Or — FortiWeb considers the server to be responsive when it passes at least one of the tests in the list.
Trigger Policy
Select the name of a trigger, if any, that FortiWeb uses to log or notify an administrator if a server becomes unresponsive.
5. Click OK.
6. In the rule list, do one of the following:
To add a rule, click Create New.
To modify a rule, select it, and then click Edit.
7. Configure the following settings:
Setting name
Description
Protocol Type
Select the protocol that the server health check uses to contact the server.
ICMP — Send ICMP type 8 (ECHO_REQUEST or “ping”) and listen for either ICMP type 0 (ECHO_RESPONSE or “pong”) indicating responsiveness, or timeout indicating that the host is not responsive.
TCP — Send TCP SYN and listen for either TCP SYN ACK indicating responsiveness, or timeout indicating that the host is not responsive.
HTTP/HTTPS — Send an HTTP or HTTPS request and listen for a response that matches the values required by the specified Match Typeor timeout indicating that the host is not responsive.
The protocol to use depends on whether you enable SSL for that server in the server pool. Contact occurs on the protocol and port number specified for that web server in the server pool.
URL Path
Type the URL, such as /index.html, that the HTTP or HTTPS request uses to verify the responsiveness of the server.
If the web server successfully returns this URL and its content matches your expression in Matched Content, it is considered to be responsive.
This option appears only if Protocol Type is HTTP or HTTPS. The maximum length is 127 characters.
Timeout
Type the maximum number of seconds that can pass after the server health check. If the web server exceeds this limit, it fails the health check.
Valid values are 1 to 30. Default value is 3.
Retry Times
Type the number of times, if any, that FortiWeb retries a server health check after failure. If the web server fails the server health check this number of times consecutively, it is considered to be unresponsive.
Valid values are 1 to 10. Default value is 3.
Interval
Type the number of seconds between each server health check.
Valid values are 1 to 300. Default value is 10.
Method
Specify whether the health check uses the HEAD, GET, or POST method.
Available only when Protocol Type is HTTP or HTTPS.
Match Type
Matched Content — If the web server successfully returns the URL specified by URL Path and its content matches the Matched Content value, FortiWeb considers the server to be responsive.
Response Code — If the web server successfully returns the URL specified by URL Path and the code specified by Response Code, FortiWeb considers the server to be responsive.
All — If the web server successfully returns the URL specified by URL Path and its content matches the Matched Content value, and the code specified by Response Code, FortiWeb considers the server to be responsive.
Available only when Protocol Type is HTTP or HTTPS.
Matched Content
Enter one of the following values:
The exact reply that indicates that the server is available.
A regular expression that matches the required reply.
This value prevents the test from falsely indicating that the server is available when it has actually replied with an error page, such as the one produced by Tomcat when a JSP application is not available.
To create and test a regular expression, click the >> (test) icon. This opens a Regular Expression Validator window where you can fine-tune the expression (see “Regular expression syntax”) .
Available only if Protocol Type is HTTP or HTTPS and Match Type is All or Matched Content.
Response Code
Enter the response code that you require the server to return to confirm that it is available.
Available only if Protocol Type is HTTP or HTTPS and Match Type is All or Response Code.
8. Click OK to save the settings and close the rule.
9. Add any additional tests you want to include in the health check by adding additional rules.
10. Click OK to save and close the health check.
11. To use the server health check to monitor availability of the members in a server pool, select it in the server pool or server pool member configuration (see “Creating a server pool”).
See also
IPv6 support
Configuring a server policy
Creating a server pool