Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 5.3.0 Handbook
    5.3.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Configuring health checks

    Configuring health checks

    In server load balancing deployments, the system uses health checks to poll the members of the real server pool to test whether an application is available. You can also configure additional health checks to poll related servers, and you can include results for both in the health check rule. For example, you can configure an HTTP health check test and a RADIUS health check test. In a web application that requires user authentication, the web server is deemed available only if the web server and the related RADIUS server pass the health check.

    In link load balancing deployments, the health check can poll either the ISP link group member itself or a “beacon” server that is deployed on the other side of the ISP link. A beacon is an IP address that must be reachable in order for the link to be deemed available. A beacon can be any IP address, such as a main office, core router, or virtual server at another data center.

    If you expect a backend server is going to be unavailable for a long period, such as when it is undergoing hardware repair, it is experiencing extended down time, or when you have removed it from the server farm, you can improve the performance of the FortiADC system by setting the status of the pool member to Disabled, rather than allowing the system to continue to attempt health checks.

    Predefined health check configuration objects describes the predefined health checks. You can get started with these or create custom objects.

    Predefined health check configuration objects
    Predefined Description

    LB_HLTHCK_HTTP

    Sends a HEAD request to the server port 80. Expects the server to return an HTTP 200.

    LB_HLTHCK_HTTPS

    Sends a HEAD request to the server port 443. Expects the server to return an HTTP 200.

    LB_HLTHCK_ICMP

    Pings the server.

    LB_HLTHCK_TCP_ECHO

    Sends a TCP echo to server port 7. Expects the server to respond with the corresponding TCP echo.

    Before you begin:

    • You must have a good understanding of TCP/IP and knowledge of the services running on your backend servers.
    • You must know the IP address, port, and configuration details for the applications running on backend servers. For some application protocol checks, you must specify user credentials.
    • You must have Read-Write permission for Load Balance settings.

    After you have configured a health check, you can select it in the SLB server pool, LLB link group, or GLB server configuration.

    To configure a health check:
    1. Go to Shared Resources > Health Check.
    2. Click Create New to display the configuration editor.
    3. Select one of the following options:
      • ICMP
      • TCP Echo
      • TCP
      • HTTP
      • HTTPS
      • DNS
      • RADIUS
      • SMTP
      • POP3
      • IMAP4
      • RADIUS Accounting
      • FTP
      • Oracle
      • TCP Half Open Connection
      • TCP SSL
      • SNMP
      • SSH
      • L2 Detection
      • UDP
      • SIP
      • SIP-TCP
      • SNMP-Custom
      • RSTP
      • MySQL
      • Diameter
    4. Complete the configuration as described in Health check configuration.
    5. Save the configuration.

    You can clone a predefined configuration object to help you get started with a user-defined configuration.

    To clone a configuration object, click the clone icon that appears in the tools column on the configuration summary page.

    Health check configuration
    Settings Guidelines

    General

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

    After you initially save the configuration, you cannot edit the name.

    Type

    Select a type of health check.

    Destination Address Type
    • IPv4
    • IPv6

    Destination Address

    IP address to send health check traffic.

    In server load balancing deployments, if you do not specify an IP address, the real server IP address is used. You might configure IP address for a health check if you are configuring a combination of health checks to poll related servers.

    In link load balancing deployments, if you do not specify an IP address, the destination IP address is the address of the gateway. You can configure IP address if you want to test connectivity to a beacon on the other side of the gateway, or if you want to test whether service traffic is allowed to pass through the link.

    Hostname

    For HTTP or HTTPS health checks, you can specify the hostname (FQDN) instead of the destination IP address. This is useful in VM environments where multiple applications have the same IP address.

    Interval

    Seconds between each health check. Should be more than the timeout to prevent overlapping health checks. The default is 10.

    Timeout

    Seconds to wait for a reply before assuming that the health check has failed. The default is 5.

    Up Retry

    Attempts to retry the health check to see if a down server has become available. The default is 1.

    Down Retry

    Attempts to retry the health check to see if an up server has become unavailable. The default is 1.

    Specifics

    ICMP

    No specific options

    Simple ping to test connectivity.

    TCP Echo

    No specific options

    Simple ping to test connectivity.

    TCP / TCP Half Open Connection / UDP

    Port

    Listening port number of the backend server. Usually HTTP is 80, FTP is 21, DNS is 53, POP3 is 110, IMAP4 is 143, RADIUS is 1812, and SNMP is 161.

    TCP SSL

    Port

    Listening port number of the backend server. Usually HTTP is 80, FTP is 21, DNS is 53, POP3 is 110, IMAP4 is 143, RADIUS is 1812, and SNMP is 161.

    SSL Ciphers

    Default selections are recommended.

    Local Cert

    For TCP SSL only. Click the down arrow and select a local SSL Health Check Client certificate from the list menu. The certificate titled "Factory" is the default certificate shipped with your FortiADC. The rest, if any, are the custom certificates that you have created.

    HTTP/HTTPS

    Port

    Listening port number of the backend server. Usually HTTP is 80. If testing an HTTP proxy server, specify the proxy port.

    SSL Ciphers

    For HTTPS only. Default selections are recommended.

    Local Cert

    For HTTPS only. See TCP / TCP Half Open Connection / TCP SSL / UDP above.

    HTTP CONNECT

    If the real server pool members are HTTP proxy servers, specify an HTTP CONNECT option:

    • Local CONNECT—Use HTTP CONNECT to test the tunnel connection through the proxy to the remote server. The member is deemed available if the request returns status code 200 (OK).
    • Remote CONNECT—Use HTTP CONNECT to test both the proxy server response and remote server application availability. If you select this option, you can configure an HTTP request within the tunnel. For example, you can configure an HTTP GET/HEAD request to the specified URL and the expected response.
    • No CONNECT—Do not use the HTTP CONNECT method. This option is the default. The HTTP CONNECT option is useful to test the availability of proxy servers only.

    See the FortiADC Deployment Guide for FortiCache for an example that uses this health check.

    Remote Host

    If you use HTTP CONNECT to test proxy servers, specify the remote server IP address.

    Remote Port

    If you use HTTP CONNECT to test proxy servers, specify the remote server port.

    Method Type

    HTTP method for the test traffic:

    • HTTP GET—Send an HTTP GET request to the server. A response to an HTTP GET request includes HTTP headers and HTTP body.
    • HTTP HEAD—Send an HTTP HEAD request. A response to an HTTP HEAD request includes HTTP headers only.

    Send String

    The request URL, such as /contact.php.

    Receive String

    A string expected in return when the HTTP GET request is successful.

    Status Code

    The health check sends an HTTP request to the server. Specify the HTTP status code in the server reply that indicates a successful test. Typically, you use status code 200 (OK). Other status codes indicate errors.

    Match Type

    What determines a failed health check?

    • Match String
    • Match Status
    • Match All (match both string and status)

    Not applicable when using HTTP HEAD. HTTP HEAD requests test status code only.

    DNS

    Domain Name

    The FQDN, such as www.example.com, to use in the DNS A/AAAA record health check.

    Address Type
    • IPv4
    • IPv6

    Host Address

    IP address that matches the FQDN, indicating a successful health check.

    RADIUS / RADIUS Accounting

    Port

    Listening port number of the backend server. Usually RADIUS is 1812 and RADIUS accounting is 1813.

    Username

    User name of an account on the backend server.

    Password

    The corresponding password.

    Password Type
    • User—If the backend server does not use CHAP, select this option.
    • CHAP—If the backend server uses CHAP and does not require a secret key, select this option.

    Secret Key

    The secret set on the backend server.

    NAS IP Address

    NAS IP address RADIUS attribute (if the RADIUS server requires this attribute to make a connection).
    SIP / SIP-TCP

    Port

    Specify the port number. Valid values range from 0 to 65535.

    SIP Request Type

    Specify the SIP request type to be used for health checks:

    • SIP Options
    • SIP Register

    Status Code

    		 The expected response code. If not set, response code 200 is expected. Specify 0 if any reply should indicate the server is available.

    SMTP

    Port

    Listening port number of the backend server. Usually SMTP is 25.

    Domain Name

    The FQDN, such as www.example.com, to use in the SMTP HELO request used for health checks.

    If the response is OK (250), the server is considered as up. If there is error response (501) or no response at all, the server is considered down.

    POP3

    Port

    Listening port number of the backend server. Usually POP3 is 110.

    Username

    User name of an account on the backend server.

    Password

    The corresponding password.

    IMAP4

    Port

    Listening port number of the backend server. Usually IMAP4 is 143.

    Username

    User name of an account on the backend server.

    Password

    The corresponding password.

    Folder

    Select an email mailbox to use in the health check. If the mailbox does not exist or is not accessible, the health check fails. The default is INBOX.

    FTP

    Port

    Listening port number of the backend server. Usually FTP is 21.

    User name

    User name of an account on the backend server.

    Password

    The corresponding password.

    File

    Specify a file that exists on the backend server. Path is relative to the initial login path. If the file does not exist or is not accessible, the health check fails.

    Passive

    Select this option if the backend server uses passive FTP.

    SNMP

    Port

    Listening port number of the backend server. Usually SNMP is 161 or 162.

    CPU

    Maximum normal CPU usage. If overburdened, the health check fails.

    Memory

    Maximum normal RAM usage. If overburdened, the health check fails.

    Disk

    Maximum normal disk usage. If the disk is too full, the health check fails.

    Agent type
    • UCD
    • Windows 2000

    Community

    Must match the SNMP community string set on the backend server. If this does not match, all SNMP health checks fail.

    Version

    SNMP v1 or v2c.

    CPU Weight

    100

    Memory Weight

    100

    Disk Weight

    100
    SNMP-Custom

    Port

    Listening port number of the backend server. Usually SNMP is 161 or 162.

    Community

    Must match the SNMP community string set on the backend server. If this does not match, all SNMP health checks fail.

    Version

    SNMP v1 or v2c.

    OID

    String specifying the OID to query

    Value Type

    Abstract syntax notation (ASN) value type:

    • ASN_INTEGER
    • ASN_OCTET_STR
    • ASN_OBJECT_ID
    • ASN_COUNTER
    • ASN_UINTEGER

    Compare Type
    • Equal
    • Less
    • Greater

    Counter Value

    Specify the value for the evaluation.

    SSH

    Port

    Listening port number of the backend server. Usually SSH is 22.

    Username

    Username for test login.

    Password

    Corresponding password.

    L2 Detection

    No specific options

    Link Layer health checker. Sends ARP (IPv4) or NDP (IPv6) packets to test whether a physically connected system is available.

    RTSP

    Port

    Specify the listening port number. Valid values range from 0 to 65535.

    RTSP Method Type

    RTSP Options

    Status Code

    200

    MySQL

    Port

    Specify the listening port number of the MySQL server. Valid values range from 0 to 65535.

    Username

    Specify the database user name. (Optional)

    Password

    Specify the database password, if applicable.

    MySQL Server Type

    Select either of the following:

    • Master (Default)
    • Slave

    Diameter

    Origin Host

    Specify the FortiADC appliance that originates the Diameter message. The value is in FQDN format and used to uniquely identify a Diameter node for duplicate connection and routing loop detection.

    Note: Some Diameter servers do not accept multiple connections from the same origin host. If you set the origin host the same as the origin host (Identity) of the Diameter load-balance profile and use the health check and Diameter load balance profile in the same virtual server, the health check or the Diameter load-balance profile may run into certain undefined problems.

    Origin Realm

    Specify the realm of the FortiADC appliance that originates the Diameter message. The value is in FQDN format.

    Vendor ID

    Specify the type Unsigned32 vendor ID which contains the IANA "SMI Network Management Private Enterprise Codes" value assigned to the vendor of a Diameter application. The default is 12356.

    Product Name

    Specify the type UTF8String product name which contains the vendor assigned name for the product.

    Host IPv4 Address

    Specify the type IPv4 address used to inform a Diameter peer of the sender's IP address when the destination address type is IPv4. The default is blank, meaning that it is the address of the FortiADC's outgoing interface.

    Host IPv6 Address

    Specify the type IPv6 address used to inform a Diameter peer of the sender's IP address when the destination address type is IPv6. The default is blank, meaning that it is the address of the FortiADC's outgoing interface.

    Auth Application ID

    Specify the type Unsigned32 authentication application ID used to advertise support of the authentication and authorization portion of an application. This filed is optional; the default is 0 (zero).

    Acct Application ID

    Specify the type Unsigned32 accounting application ID used to advertise support of the accounting portion of an application. This field is optional; the default is 0 (zero).

    Oracle

    Note: Oracle DB HC only supports Hardware models in 5.1.0

    Port

    Listening port number of the OracleDB server.

    Username

    Specify the database username

    Password

    Specify the database password

    Connect type

    Select one of the following:

    • Service name
    • SID
    • Connect string

    Service name

    Use this to specify the service name.

    SID

    Use this to specify the SID

    Connect String

    Use this to specify the connect string

    Oracle-send-string

    Send a string (command) to the OracleDb server

    Oracle-receive-string

    The string we accept in order to receive

    Row

    The row in which the send string (command) takes effect

    Column

    The column in which the send string (command) takes effect

    Script

    Port

    Specify the port that the script uses

    Script

    Specify the script which we create or which we have pre-defined

    In SLB deployments, a health check port configuration specifying port 0 acts as a wildcard.The port for health check traffic is imputed from the real server pool member.

    In LLB and GLB deployments, specifying port 0 is invalid because there is no associated configuration to impute a proper port. If your health check port configuration specifies port 0, you will not be able to use it in an LLB or GLB configuration.
    Previous
    Next

    Configuring health checks

    Configuring health checks

    In server load balancing deployments, the system uses health checks to poll the members of the real server pool to test whether an application is available. You can also configure additional health checks to poll related servers, and you can include results for both in the health check rule. For example, you can configure an HTTP health check test and a RADIUS health check test. In a web application that requires user authentication, the web server is deemed available only if the web server and the related RADIUS server pass the health check.

    In link load balancing deployments, the health check can poll either the ISP link group member itself or a “beacon” server that is deployed on the other side of the ISP link. A beacon is an IP address that must be reachable in order for the link to be deemed available. A beacon can be any IP address, such as a main office, core router, or virtual server at another data center.

    If you expect a backend server is going to be unavailable for a long period, such as when it is undergoing hardware repair, it is experiencing extended down time, or when you have removed it from the server farm, you can improve the performance of the FortiADC system by setting the status of the pool member to Disabled, rather than allowing the system to continue to attempt health checks.

    Predefined health check configuration objects describes the predefined health checks. You can get started with these or create custom objects.

    Predefined health check configuration objects
    Predefined Description

    LB_HLTHCK_HTTP

    Sends a HEAD request to the server port 80. Expects the server to return an HTTP 200.

    LB_HLTHCK_HTTPS

    Sends a HEAD request to the server port 443. Expects the server to return an HTTP 200.

    LB_HLTHCK_ICMP

    Pings the server.

    LB_HLTHCK_TCP_ECHO

    Sends a TCP echo to server port 7. Expects the server to respond with the corresponding TCP echo.

    Before you begin:

    • You must have a good understanding of TCP/IP and knowledge of the services running on your backend servers.
    • You must know the IP address, port, and configuration details for the applications running on backend servers. For some application protocol checks, you must specify user credentials.
    • You must have Read-Write permission for Load Balance settings.

    After you have configured a health check, you can select it in the SLB server pool, LLB link group, or GLB server configuration.

    To configure a health check:
    1. Go to Shared Resources > Health Check.
    2. Click Create New to display the configuration editor.
    3. Select one of the following options:
      • ICMP
      • TCP Echo
      • TCP
      • HTTP
      • HTTPS
      • DNS
      • RADIUS
      • SMTP
      • POP3
      • IMAP4
      • RADIUS Accounting
      • FTP
      • Oracle
      • TCP Half Open Connection
      • TCP SSL
      • SNMP
      • SSH
      • L2 Detection
      • UDP
      • SIP
      • SIP-TCP
      • SNMP-Custom
      • RSTP
      • MySQL
      • Diameter
    4. Complete the configuration as described in Health check configuration.
    5. Save the configuration.

    You can clone a predefined configuration object to help you get started with a user-defined configuration.

    To clone a configuration object, click the clone icon that appears in the tools column on the configuration summary page.

    Health check configuration
    Settings Guidelines

    General

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

    After you initially save the configuration, you cannot edit the name.

    Type

    Select a type of health check.

    Destination Address Type
    • IPv4
    • IPv6

    Destination Address

    IP address to send health check traffic.

    In server load balancing deployments, if you do not specify an IP address, the real server IP address is used. You might configure IP address for a health check if you are configuring a combination of health checks to poll related servers.

    In link load balancing deployments, if you do not specify an IP address, the destination IP address is the address of the gateway. You can configure IP address if you want to test connectivity to a beacon on the other side of the gateway, or if you want to test whether service traffic is allowed to pass through the link.

    Hostname

    For HTTP or HTTPS health checks, you can specify the hostname (FQDN) instead of the destination IP address. This is useful in VM environments where multiple applications have the same IP address.

    Interval

    Seconds between each health check. Should be more than the timeout to prevent overlapping health checks. The default is 10.

    Timeout

    Seconds to wait for a reply before assuming that the health check has failed. The default is 5.

    Up Retry

    Attempts to retry the health check to see if a down server has become available. The default is 1.

    Down Retry

    Attempts to retry the health check to see if an up server has become unavailable. The default is 1.

    Specifics

    ICMP

    No specific options

    Simple ping to test connectivity.

    TCP Echo

    No specific options

    Simple ping to test connectivity.

    TCP / TCP Half Open Connection / UDP

    Port

    Listening port number of the backend server. Usually HTTP is 80, FTP is 21, DNS is 53, POP3 is 110, IMAP4 is 143, RADIUS is 1812, and SNMP is 161.

    TCP SSL

    Port

    Listening port number of the backend server. Usually HTTP is 80, FTP is 21, DNS is 53, POP3 is 110, IMAP4 is 143, RADIUS is 1812, and SNMP is 161.

    SSL Ciphers

    Default selections are recommended.

    Local Cert

    For TCP SSL only. Click the down arrow and select a local SSL Health Check Client certificate from the list menu. The certificate titled "Factory" is the default certificate shipped with your FortiADC. The rest, if any, are the custom certificates that you have created.

    HTTP/HTTPS

    Port

    Listening port number of the backend server. Usually HTTP is 80. If testing an HTTP proxy server, specify the proxy port.

    SSL Ciphers

    For HTTPS only. Default selections are recommended.

    Local Cert

    For HTTPS only. See TCP / TCP Half Open Connection / TCP SSL / UDP above.

    HTTP CONNECT

    If the real server pool members are HTTP proxy servers, specify an HTTP CONNECT option:

    • Local CONNECT—Use HTTP CONNECT to test the tunnel connection through the proxy to the remote server. The member is deemed available if the request returns status code 200 (OK).
    • Remote CONNECT—Use HTTP CONNECT to test both the proxy server response and remote server application availability. If you select this option, you can configure an HTTP request within the tunnel. For example, you can configure an HTTP GET/HEAD request to the specified URL and the expected response.
    • No CONNECT—Do not use the HTTP CONNECT method. This option is the default. The HTTP CONNECT option is useful to test the availability of proxy servers only.

    See the FortiADC Deployment Guide for FortiCache for an example that uses this health check.

    Remote Host

    If you use HTTP CONNECT to test proxy servers, specify the remote server IP address.

    Remote Port

    If you use HTTP CONNECT to test proxy servers, specify the remote server port.

    Method Type

    HTTP method for the test traffic:

    • HTTP GET—Send an HTTP GET request to the server. A response to an HTTP GET request includes HTTP headers and HTTP body.
    • HTTP HEAD—Send an HTTP HEAD request. A response to an HTTP HEAD request includes HTTP headers only.

    Send String

    The request URL, such as /contact.php.

    Receive String

    A string expected in return when the HTTP GET request is successful.

    Status Code

    The health check sends an HTTP request to the server. Specify the HTTP status code in the server reply that indicates a successful test. Typically, you use status code 200 (OK). Other status codes indicate errors.

    Match Type

    What determines a failed health check?

    • Match String
    • Match Status
    • Match All (match both string and status)

    Not applicable when using HTTP HEAD. HTTP HEAD requests test status code only.

    DNS

    Domain Name

    The FQDN, such as www.example.com, to use in the DNS A/AAAA record health check.

    Address Type
    • IPv4
    • IPv6

    Host Address

    IP address that matches the FQDN, indicating a successful health check.

    RADIUS / RADIUS Accounting

    Port

    Listening port number of the backend server. Usually RADIUS is 1812 and RADIUS accounting is 1813.

    Username

    User name of an account on the backend server.

    Password

    The corresponding password.

    Password Type
    • User—If the backend server does not use CHAP, select this option.
    • CHAP—If the backend server uses CHAP and does not require a secret key, select this option.

    Secret Key

    The secret set on the backend server.

    NAS IP Address

    NAS IP address RADIUS attribute (if the RADIUS server requires this attribute to make a connection).
    SIP / SIP-TCP

    Port

    Specify the port number. Valid values range from 0 to 65535.

    SIP Request Type

    Specify the SIP request type to be used for health checks:

    • SIP Options
    • SIP Register

    Status Code

    		 The expected response code. If not set, response code 200 is expected. Specify 0 if any reply should indicate the server is available.

    SMTP

    Port

    Listening port number of the backend server. Usually SMTP is 25.

    Domain Name

    The FQDN, such as www.example.com, to use in the SMTP HELO request used for health checks.

    If the response is OK (250), the server is considered as up. If there is error response (501) or no response at all, the server is considered down.

    POP3

    Port

    Listening port number of the backend server. Usually POP3 is 110.

    Username

    User name of an account on the backend server.

    Password

    The corresponding password.

    IMAP4

    Port

    Listening port number of the backend server. Usually IMAP4 is 143.

    Username

    User name of an account on the backend server.

    Password

    The corresponding password.

    Folder

    Select an email mailbox to use in the health check. If the mailbox does not exist or is not accessible, the health check fails. The default is INBOX.

    FTP

    Port

    Listening port number of the backend server. Usually FTP is 21.

    User name

    User name of an account on the backend server.

    Password

    The corresponding password.

    File

    Specify a file that exists on the backend server. Path is relative to the initial login path. If the file does not exist or is not accessible, the health check fails.

    Passive

    Select this option if the backend server uses passive FTP.

    SNMP

    Port

    Listening port number of the backend server. Usually SNMP is 161 or 162.

    CPU

    Maximum normal CPU usage. If overburdened, the health check fails.

    Memory

    Maximum normal RAM usage. If overburdened, the health check fails.

    Disk

    Maximum normal disk usage. If the disk is too full, the health check fails.

    Agent type
    • UCD
    • Windows 2000

    Community

    Must match the SNMP community string set on the backend server. If this does not match, all SNMP health checks fail.

    Version

    SNMP v1 or v2c.

    CPU Weight

    100

    Memory Weight

    100

    Disk Weight

    100
    SNMP-Custom

    Port

    Listening port number of the backend server. Usually SNMP is 161 or 162.

    Community

    Must match the SNMP community string set on the backend server. If this does not match, all SNMP health checks fail.

    Version

    SNMP v1 or v2c.

    OID

    String specifying the OID to query

    Value Type

    Abstract syntax notation (ASN) value type:

    • ASN_INTEGER
    • ASN_OCTET_STR
    • ASN_OBJECT_ID
    • ASN_COUNTER
    • ASN_UINTEGER

    Compare Type
    • Equal
    • Less
    • Greater

    Counter Value

    Specify the value for the evaluation.

    SSH

    Port

    Listening port number of the backend server. Usually SSH is 22.

    Username

    Username for test login.

    Password

    Corresponding password.

    L2 Detection

    No specific options

    Link Layer health checker. Sends ARP (IPv4) or NDP (IPv6) packets to test whether a physically connected system is available.

    RTSP

    Port

    Specify the listening port number. Valid values range from 0 to 65535.

    RTSP Method Type

    RTSP Options

    Status Code

    200

    MySQL

    Port

    Specify the listening port number of the MySQL server. Valid values range from 0 to 65535.

    Username

    Specify the database user name. (Optional)

    Password

    Specify the database password, if applicable.

    MySQL Server Type

    Select either of the following:

    • Master (Default)
    • Slave

    Diameter

    Origin Host

    Specify the FortiADC appliance that originates the Diameter message. The value is in FQDN format and used to uniquely identify a Diameter node for duplicate connection and routing loop detection.

    Note: Some Diameter servers do not accept multiple connections from the same origin host. If you set the origin host the same as the origin host (Identity) of the Diameter load-balance profile and use the health check and Diameter load balance profile in the same virtual server, the health check or the Diameter load-balance profile may run into certain undefined problems.

    Origin Realm

    Specify the realm of the FortiADC appliance that originates the Diameter message. The value is in FQDN format.

    Vendor ID

    Specify the type Unsigned32 vendor ID which contains the IANA "SMI Network Management Private Enterprise Codes" value assigned to the vendor of a Diameter application. The default is 12356.

    Product Name

    Specify the type UTF8String product name which contains the vendor assigned name for the product.

    Host IPv4 Address

    Specify the type IPv4 address used to inform a Diameter peer of the sender's IP address when the destination address type is IPv4. The default is blank, meaning that it is the address of the FortiADC's outgoing interface.

    Host IPv6 Address

    Specify the type IPv6 address used to inform a Diameter peer of the sender's IP address when the destination address type is IPv6. The default is blank, meaning that it is the address of the FortiADC's outgoing interface.

    Auth Application ID

    Specify the type Unsigned32 authentication application ID used to advertise support of the authentication and authorization portion of an application. This filed is optional; the default is 0 (zero).

    Acct Application ID

    Specify the type Unsigned32 accounting application ID used to advertise support of the accounting portion of an application. This field is optional; the default is 0 (zero).

    Oracle

    Note: Oracle DB HC only supports Hardware models in 5.1.0

    Port

    Listening port number of the OracleDB server.

    Username

    Specify the database username

    Password

    Specify the database password

    Connect type

    Select one of the following:

    • Service name
    • SID
    • Connect string

    Service name

    Use this to specify the service name.

    SID

    Use this to specify the SID

    Connect String

    Use this to specify the connect string

    Oracle-send-string

    Send a string (command) to the OracleDb server

    Oracle-receive-string

    The string we accept in order to receive

    Row

    The row in which the send string (command) takes effect

    Column

    The column in which the send string (command) takes effect

    Script

    Port

    Specify the port that the script uses

    Script

    Specify the script which we create or which we have pre-defined

    In SLB deployments, a health check port configuration specifying port 0 acts as a wildcard.The port for health check traffic is imputed from the real server pool member.

    In LLB and GLB deployments, specifying port 0 is invalid because there is no associated configuration to impute a proper port. If your health check port configuration specifies port 0, you will not be able to use it in an LLB or GLB configuration.
    Previous
    Next