Fortinet white logo
Fortinet white logo

Handbook

Configuring health checks

Configuring health checks

In server load balancing deployments, the system uses health checks to poll the members of the real server pool to test whether an application is available. You can also configure additional health checks to poll related servers, and you can include results for both in the health check rule. For example, you can configure an HTTP health check test and a RADIUS health check test. In a web application that requires user authentication, the web server is deemed available only if the web server and the related RADIUS server pass the health check.

In link load balancing deployments, the health check can poll either the ISP link group member itself or a “beacon” server that is deployed on the other side of the ISP link. A beacon is an IP address that must be reachable in order for the link to be deemed available. A beacon can be any IP address, such as a main office, core router, or virtual server at another data center.

If you expect a backend server is going to be unavailable for a long period, such as when it is undergoing hardware repair, it is experiencing extended down time, or when you have removed it from the server farm, you can improve the performance of the FortiADC system by setting the status of the pool member to Disabled, rather than allowing the system to continue to attempt health checks.

Predefined health check configuration objects describes the predefined health checks. You can get started with these or create custom objects.

Predefined health check configuration objects

Predefined Description

LB_HLTHCK_HTTP

Sends a HEAD request to the server port 80. Expects the server to return an HTTP 200.

LB_HLTHCK_HTTPS

Sends a HEAD request to the server port 443. Expects the server to return an HTTP 200.

LB_HLTHCK_ICMP

Pings the server.

LB_HLTHCK_TCP_ECHO

Sends a TCP echo to server port 7. Expects the server to respond with the corresponding TCP echo.

Before you begin:

  • You must have a good understanding of TCP/IP and knowledge of the services running on your backend servers.
  • You must know the IP address, port, and configuration details for the applications running on backend servers. For some application protocol checks, you must specify user credentials.
  • You must have Read-Write permission for Load Balance settings.

After you have configured a health check, you can select it in the SLB server pool, LLB link group, or GLB server configuration.

To configure a health check:
  1. Go to Shared Resources > Health Check.
  2. Click Create New to display the configuration editor.
  3. Select one of the following options:
    • ICMP
    • TCP Echo
    • TCP
    • HTTP
    • HTTPS
    • DNS
    • RADIUS
    • SMTP
    • POP3
    • IMAP4
    • RADIUS Accounting
    • FTP
    • Oracle
    • TCP Half Open Connection
    • TCP SSL
    • SNMP
    • SSH
    • L2 Detection
    • UDP
    • SIP
    • SIP-TCP
    • SNMP-Custom
    • RSTP
    • MySQL
    • Diameter
  4. Complete the configuration as described in Health check configuration.
  5. Save the configuration.

You can clone a predefined configuration object to help you get started with a user-defined configuration.

To clone a configuration object, click the clone icon that appears in the tools column on the configuration summary page.

Health check configuration

Settings Guidelines

General

Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

After you initially save the configuration, you cannot edit the name.

Type

Select a type of health check.

Destination Address Type

  • IPv4
  • IPv6

Destination Address

IP address to send health check traffic.

In server load balancing deployments, if you do not specify an IP address, the real server IP address is used. You might configure IP address for a health check if you are configuring a combination of health checks to poll related servers.

In link load balancing deployments, if you do not specify an IP address, the destination IP address is the address of the gateway. You can configure IP address if you want to test connectivity to a beacon on the other side of the gateway, or if you want to test whether service traffic is allowed to pass through the link.

Hostname

For HTTP or HTTPS health checks, you can specify the hostname (FQDN) instead of the destination IP address. This is useful in VM environments where multiple applications have the same IP address.

Interval

Seconds between each health check. Should be more than the timeout to prevent overlapping health checks. The default is 10.

Timeout

Seconds to wait for a reply before assuming that the health check has failed. The default is 5.

Up Retry

Attempts to retry the health check to see if a down server has become available. The default is 1.

Down Retry

Attempts to retry the health check to see if an up server has become unavailable. The default is 1.

Specifics

ICMP

No specific options

Simple ping to test connectivity.

TCP Echo

No specific options

Simple ping to test connectivity.

TCP / TCP Half Open Connection / UDP

Port

Listening port number of the backend server. Usually HTTP is 80, FTP is 21, DNS is 53, POP3 is 110, IMAP4 is 143, RADIUS is 1812, and SNMP is 161.

TCP SSL

Port

Listening port number of the backend server. Usually HTTP is 80, FTP is 21, DNS is 53, POP3 is 110, IMAP4 is 143, RADIUS is 1812, and SNMP is 161.

SSL Ciphers

Default selections are recommended.

Local Cert

For TCP SSL only. Click the down arrow and select a local SSL Health Check Client certificate from the list menu. The certificate titled "Factory" is the default certificate shipped with your FortiADC. The rest, if any, are the custom certificates that you have created.

HTTP/HTTPS

Port

Listening port number of the backend server. Usually HTTP is 80. If testing an HTTP proxy server, specify the proxy port.

SSL Ciphers

For HTTPS only. Default selections are recommended.

Local Cert

For HTTPS only. See TCP / TCP Half Open Connection / TCP SSL / UDP above.

Http-version

Specify the HTTP version

Additional-string

Attach some string to HTTP header content

HTTP CONNECT

If the real server pool members are HTTP proxy servers, specify an HTTP CONNECT option:

  • Local CONNECT—Use HTTP CONNECT to test the tunnel connection through the proxy to the remote server. The member is deemed available if the request returns status code 200 (OK).
  • Remote CONNECT—Use HTTP CONNECT to test both the proxy server response and remote server application availability. If you select this option, you can configure an HTTP request within the tunnel. For example, you can configure an HTTP GET/HEAD request to the specified URL and the expected response.
  • No CONNECT—Do not use the HTTP CONNECT method. This option is the default. The HTTP CONNECT option is useful to test the availability of proxy servers only.

See the FortiADC Deployment Guide for FortiCache for an example that uses this health check.

Remote Host

If you use HTTP CONNECT to test proxy servers, specify the remote server IP address.

Remote Port

If you use HTTP CONNECT to test proxy servers, specify the remote server port.

Method Type

HTTP method for the test traffic:

  • HTTP GET—Send an HTTP GET request to the server. A response to an HTTP GET request includes HTTP headers and HTTP body.
  • HTTP HEAD—Send an HTTP HEAD request. A response to an HTTP HEAD request includes HTTP headers only.

Send String

The request URL, such as /contact.php.

Receive String

A string expected in return when the HTTP GET request is successful.

Status Code

The health check sends an HTTP request to the server. Specify the HTTP status code in the server reply that indicates a successful test. Typically, you use status code 200 (OK). Other status codes indicate errors.

Match Type

What determines a failed health check?

  • Match String
  • Match Status
  • Match All (match both string and status)

Not applicable when using HTTP HEAD. HTTP HEAD requests test status code only.

DNS

Domain Name

The FQDN, such as www.example.com, to use in the DNS A/AAAA record health check.

Address Type

  • IPv4
  • IPv6

Host Address

IP address that matches the FQDN, indicating a successful health check.

RADIUS / RADIUS Accounting

Port

Listening port number of the backend server. Usually RADIUS is 1812 and RADIUS accounting is 1813.

Username

User name of an account on the backend server.

Password

The corresponding password.

Password Type

  • User—If the backend server does not use CHAP, select this option.
  • CHAP—If the backend server uses CHAP and does not require a secret key, select this option.

Secret Key

The secret set on the backend server.

NAS IP Address

NAS IP address RADIUS attribute (if the RADIUS server requires this attribute to make a connection).

SIP / SIP-TCP

Port

Specify the port number. Valid values range from 0 to 65535.

SIP Request Type

Specify the SIP request type to be used for health checks:

  • SIP Options
  • SIP Register

Status Code

The expected response code. If not set, response code 200 is expected. Specify 0 if any reply should indicate the server is available.

SMTP

Port

Listening port number of the backend server. Usually SMTP is 25.

Domain Name

The FQDN, such as www.example.com, to use in the SMTP HELO request used for health checks.

If the response is OK (250), the server is considered as up. If there is error response (501) or no response at all, the server is considered down.

POP3

Port

Listening port number of the backend server. Usually POP3 is 110.

Username

User name of an account on the backend server.

Password

The corresponding password.

IMAP4

Port

Listening port number of the backend server. Usually IMAP4 is 143.

Username

User name of an account on the backend server.

Password

The corresponding password.

Folder

Select an email mailbox to use in the health check. If the mailbox does not exist or is not accessible, the health check fails. The default is INBOX.

FTP

Port

Listening port number of the backend server. Usually FTP is 21.

User name

User name of an account on the backend server.

Password

The corresponding password.

File

Specify a file that exists on the backend server. Path is relative to the initial login path. If the file does not exist or is not accessible, the health check fails.

Passive

Select this option if the backend server uses passive FTP.

SNMP

Port

Listening port number of the backend server. Usually SNMP is 161 or 162.

CPU

Maximum normal CPU usage. If overburdened, the health check fails.

Memory

Maximum normal RAM usage. If overburdened, the health check fails.

Disk

Maximum normal disk usage. If the disk is too full, the health check fails.

Agent type

  • UCD
  • Windows 2000

Community

Must match the SNMP community string set on the backend server. If this does not match, all SNMP health checks fail.

Version

SNMP v1 or v2c.

CPU Weight

100

Memory Weight

100

Disk Weight

100

SNMP-Custom

Port

Listening port number of the backend server. Usually SNMP is 161 or 162.

Community

Must match the SNMP community string set on the backend server. If this does not match, all SNMP health checks fail.

Version

SNMP v1 or v2c.

OID

String specifying the OID to query

Value Type

Abstract syntax notation (ASN) value type:

  • ASN_INTEGER
  • ASN_OCTET_STR
  • ASN_OBJECT_ID
  • ASN_COUNTER
  • ASN_UINTEGER

Compare Type

  • Equal
  • Less
  • Greater

Counter Value

Specify the value for the evaluation.

SSH

Port

Listening port number of the backend server. Usually SSH is 22.

Username

Username for test login.

Password

Corresponding password.

L2 Detection

No specific options

Link Layer health checker. Sends ARP (IPv4) or NDP (IPv6) packets to test whether a physically connected system is available.

RTSP

Port

Specify the listening port number. Valid values range from 0 to 65535.

RTSP Method Type

RTSP Options

Status Code

200

MySQL

Port

Specify the listening port number of the MySQL server. Valid values range from 0 to 65535.

Username

Specify the database user name. (Optional)

Password

Specify the database password, if applicable.

MySQL Server Type

Select either of the following:

  • Primary (Default)
  • Secondary

Diameter

Origin Host

Specify the FortiADC appliance that originates the Diameter message. The value is in FQDN format and used to uniquely identify a Diameter node for duplicate connection and routing loop detection.

Note: Some Diameter servers do not accept multiple connections from the same origin host. If you set the origin host the same as the origin host (Identity) of the Diameter load-balance profile and use the health check and Diameter load balance profile in the same virtual server, the health check or the Diameter load-balance profile may run into certain undefined problems.

Origin Realm

Specify the realm of the FortiADC appliance that originates the Diameter message. The value is in FQDN format.

Vendor ID

Specify the type Unsigned32 vendor ID which contains the IANA "SMI Network Management Private Enterprise Codes" value assigned to the vendor of a Diameter application. The default is 12356.

Product Name

Specify the type UTF8String product name which contains the vendor assigned name for the product.

Host IPv4 Address

Specify the type IPv4 address used to inform a Diameter peer of the sender's IP address when the destination address type is IPv4. The default is blank, meaning that it is the address of the FortiADC's outgoing interface.

Host IPv6 Address

Specify the type IPv6 address used to inform a Diameter peer of the sender's IP address when the destination address type is IPv6. The default is blank, meaning that it is the address of the FortiADC's outgoing interface.

Auth Application ID

Specify the type Unsigned32 authentication application ID used to advertise support of the authentication and authorization portion of an application. This filed is optional; the default is 0 (zero).

Acct Application ID

Specify the type Unsigned32 accounting application ID used to advertise support of the accounting portion of an application. This field is optional; the default is 0 (zero).

Oracle

Note: Oracle DB HC only supports Hardware models in 5.1.0

Port

Listening port number of the OracleDB server.

Username

Specify the database username

Password

Specify the database password

Connect type

Select one of the following:

  • Service name
  • SID
  • Connect string

Service name

Use this to specify the service name.

SID

Use this to specify the SID

Connect String

Use this to specify the connect string

Oracle-send-string

Send a string (command) to the OracleDb server

Oracle-receive-string

The string we accept in order to receive

Row

The row in which the send string (command) takes effect

Column

The column in which the send string (command) takes effect

Script

Port

Specify the port that the script uses

Script

Specify the script which we create or which we have pre-defined

LDAP

Port

Port Listening port number of the backend server. Usually LDAP is 389.

Password

The corresponding password.

Attribute

Attributes for the LDAP health check object.

BaseDN

The distinguished name where a LDAP server will search from.

BindDN

The distinguished name used to bind to a LDAP server.

Filter

Criteria to use in selecting results.

In SLB deployments, a health check port configuration specifying port 0 acts as a wildcard.The port for health check traffic is imputed from the real server pool member.

In LLB and GLB deployments, specifying port 0 is invalid because there is no associated configuration to impute a proper port. If your health check port configuration specifies port 0, you will not be able to use it in an LLB or GLB configuration.

Configuring health checks

Configuring health checks

In server load balancing deployments, the system uses health checks to poll the members of the real server pool to test whether an application is available. You can also configure additional health checks to poll related servers, and you can include results for both in the health check rule. For example, you can configure an HTTP health check test and a RADIUS health check test. In a web application that requires user authentication, the web server is deemed available only if the web server and the related RADIUS server pass the health check.

In link load balancing deployments, the health check can poll either the ISP link group member itself or a “beacon” server that is deployed on the other side of the ISP link. A beacon is an IP address that must be reachable in order for the link to be deemed available. A beacon can be any IP address, such as a main office, core router, or virtual server at another data center.

If you expect a backend server is going to be unavailable for a long period, such as when it is undergoing hardware repair, it is experiencing extended down time, or when you have removed it from the server farm, you can improve the performance of the FortiADC system by setting the status of the pool member to Disabled, rather than allowing the system to continue to attempt health checks.

Predefined health check configuration objects describes the predefined health checks. You can get started with these or create custom objects.

Predefined health check configuration objects

Predefined Description

LB_HLTHCK_HTTP

Sends a HEAD request to the server port 80. Expects the server to return an HTTP 200.

LB_HLTHCK_HTTPS

Sends a HEAD request to the server port 443. Expects the server to return an HTTP 200.

LB_HLTHCK_ICMP

Pings the server.

LB_HLTHCK_TCP_ECHO

Sends a TCP echo to server port 7. Expects the server to respond with the corresponding TCP echo.

Before you begin:

  • You must have a good understanding of TCP/IP and knowledge of the services running on your backend servers.
  • You must know the IP address, port, and configuration details for the applications running on backend servers. For some application protocol checks, you must specify user credentials.
  • You must have Read-Write permission for Load Balance settings.

After you have configured a health check, you can select it in the SLB server pool, LLB link group, or GLB server configuration.

To configure a health check:
  1. Go to Shared Resources > Health Check.
  2. Click Create New to display the configuration editor.
  3. Select one of the following options:
    • ICMP
    • TCP Echo
    • TCP
    • HTTP
    • HTTPS
    • DNS
    • RADIUS
    • SMTP
    • POP3
    • IMAP4
    • RADIUS Accounting
    • FTP
    • Oracle
    • TCP Half Open Connection
    • TCP SSL
    • SNMP
    • SSH
    • L2 Detection
    • UDP
    • SIP
    • SIP-TCP
    • SNMP-Custom
    • RSTP
    • MySQL
    • Diameter
  4. Complete the configuration as described in Health check configuration.
  5. Save the configuration.

You can clone a predefined configuration object to help you get started with a user-defined configuration.

To clone a configuration object, click the clone icon that appears in the tools column on the configuration summary page.

Health check configuration

Settings Guidelines

General

Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

After you initially save the configuration, you cannot edit the name.

Type

Select a type of health check.

Destination Address Type

  • IPv4
  • IPv6

Destination Address

IP address to send health check traffic.

In server load balancing deployments, if you do not specify an IP address, the real server IP address is used. You might configure IP address for a health check if you are configuring a combination of health checks to poll related servers.

In link load balancing deployments, if you do not specify an IP address, the destination IP address is the address of the gateway. You can configure IP address if you want to test connectivity to a beacon on the other side of the gateway, or if you want to test whether service traffic is allowed to pass through the link.

Hostname

For HTTP or HTTPS health checks, you can specify the hostname (FQDN) instead of the destination IP address. This is useful in VM environments where multiple applications have the same IP address.

Interval

Seconds between each health check. Should be more than the timeout to prevent overlapping health checks. The default is 10.

Timeout

Seconds to wait for a reply before assuming that the health check has failed. The default is 5.

Up Retry

Attempts to retry the health check to see if a down server has become available. The default is 1.

Down Retry

Attempts to retry the health check to see if an up server has become unavailable. The default is 1.

Specifics

ICMP

No specific options

Simple ping to test connectivity.

TCP Echo

No specific options

Simple ping to test connectivity.

TCP / TCP Half Open Connection / UDP

Port

Listening port number of the backend server. Usually HTTP is 80, FTP is 21, DNS is 53, POP3 is 110, IMAP4 is 143, RADIUS is 1812, and SNMP is 161.

TCP SSL

Port

Listening port number of the backend server. Usually HTTP is 80, FTP is 21, DNS is 53, POP3 is 110, IMAP4 is 143, RADIUS is 1812, and SNMP is 161.

SSL Ciphers

Default selections are recommended.

Local Cert

For TCP SSL only. Click the down arrow and select a local SSL Health Check Client certificate from the list menu. The certificate titled "Factory" is the default certificate shipped with your FortiADC. The rest, if any, are the custom certificates that you have created.

HTTP/HTTPS

Port

Listening port number of the backend server. Usually HTTP is 80. If testing an HTTP proxy server, specify the proxy port.

SSL Ciphers

For HTTPS only. Default selections are recommended.

Local Cert

For HTTPS only. See TCP / TCP Half Open Connection / TCP SSL / UDP above.

Http-version

Specify the HTTP version

Additional-string

Attach some string to HTTP header content

HTTP CONNECT

If the real server pool members are HTTP proxy servers, specify an HTTP CONNECT option:

  • Local CONNECT—Use HTTP CONNECT to test the tunnel connection through the proxy to the remote server. The member is deemed available if the request returns status code 200 (OK).
  • Remote CONNECT—Use HTTP CONNECT to test both the proxy server response and remote server application availability. If you select this option, you can configure an HTTP request within the tunnel. For example, you can configure an HTTP GET/HEAD request to the specified URL and the expected response.
  • No CONNECT—Do not use the HTTP CONNECT method. This option is the default. The HTTP CONNECT option is useful to test the availability of proxy servers only.

See the FortiADC Deployment Guide for FortiCache for an example that uses this health check.

Remote Host

If you use HTTP CONNECT to test proxy servers, specify the remote server IP address.

Remote Port

If you use HTTP CONNECT to test proxy servers, specify the remote server port.

Method Type

HTTP method for the test traffic:

  • HTTP GET—Send an HTTP GET request to the server. A response to an HTTP GET request includes HTTP headers and HTTP body.
  • HTTP HEAD—Send an HTTP HEAD request. A response to an HTTP HEAD request includes HTTP headers only.

Send String

The request URL, such as /contact.php.

Receive String

A string expected in return when the HTTP GET request is successful.

Status Code

The health check sends an HTTP request to the server. Specify the HTTP status code in the server reply that indicates a successful test. Typically, you use status code 200 (OK). Other status codes indicate errors.

Match Type

What determines a failed health check?

  • Match String
  • Match Status
  • Match All (match both string and status)

Not applicable when using HTTP HEAD. HTTP HEAD requests test status code only.

DNS

Domain Name

The FQDN, such as www.example.com, to use in the DNS A/AAAA record health check.

Address Type

  • IPv4
  • IPv6

Host Address

IP address that matches the FQDN, indicating a successful health check.

RADIUS / RADIUS Accounting

Port

Listening port number of the backend server. Usually RADIUS is 1812 and RADIUS accounting is 1813.

Username

User name of an account on the backend server.

Password

The corresponding password.

Password Type

  • User—If the backend server does not use CHAP, select this option.
  • CHAP—If the backend server uses CHAP and does not require a secret key, select this option.

Secret Key

The secret set on the backend server.

NAS IP Address

NAS IP address RADIUS attribute (if the RADIUS server requires this attribute to make a connection).

SIP / SIP-TCP

Port

Specify the port number. Valid values range from 0 to 65535.

SIP Request Type

Specify the SIP request type to be used for health checks:

  • SIP Options
  • SIP Register

Status Code

The expected response code. If not set, response code 200 is expected. Specify 0 if any reply should indicate the server is available.

SMTP

Port

Listening port number of the backend server. Usually SMTP is 25.

Domain Name

The FQDN, such as www.example.com, to use in the SMTP HELO request used for health checks.

If the response is OK (250), the server is considered as up. If there is error response (501) or no response at all, the server is considered down.

POP3

Port

Listening port number of the backend server. Usually POP3 is 110.

Username

User name of an account on the backend server.

Password

The corresponding password.

IMAP4

Port

Listening port number of the backend server. Usually IMAP4 is 143.

Username

User name of an account on the backend server.

Password

The corresponding password.

Folder

Select an email mailbox to use in the health check. If the mailbox does not exist or is not accessible, the health check fails. The default is INBOX.

FTP

Port

Listening port number of the backend server. Usually FTP is 21.

User name

User name of an account on the backend server.

Password

The corresponding password.

File

Specify a file that exists on the backend server. Path is relative to the initial login path. If the file does not exist or is not accessible, the health check fails.

Passive

Select this option if the backend server uses passive FTP.

SNMP

Port

Listening port number of the backend server. Usually SNMP is 161 or 162.

CPU

Maximum normal CPU usage. If overburdened, the health check fails.

Memory

Maximum normal RAM usage. If overburdened, the health check fails.

Disk

Maximum normal disk usage. If the disk is too full, the health check fails.

Agent type

  • UCD
  • Windows 2000

Community

Must match the SNMP community string set on the backend server. If this does not match, all SNMP health checks fail.

Version

SNMP v1 or v2c.

CPU Weight

100

Memory Weight

100

Disk Weight

100

SNMP-Custom

Port

Listening port number of the backend server. Usually SNMP is 161 or 162.

Community

Must match the SNMP community string set on the backend server. If this does not match, all SNMP health checks fail.

Version

SNMP v1 or v2c.

OID

String specifying the OID to query

Value Type

Abstract syntax notation (ASN) value type:

  • ASN_INTEGER
  • ASN_OCTET_STR
  • ASN_OBJECT_ID
  • ASN_COUNTER
  • ASN_UINTEGER

Compare Type

  • Equal
  • Less
  • Greater

Counter Value

Specify the value for the evaluation.

SSH

Port

Listening port number of the backend server. Usually SSH is 22.

Username

Username for test login.

Password

Corresponding password.

L2 Detection

No specific options

Link Layer health checker. Sends ARP (IPv4) or NDP (IPv6) packets to test whether a physically connected system is available.

RTSP

Port

Specify the listening port number. Valid values range from 0 to 65535.

RTSP Method Type

RTSP Options

Status Code

200

MySQL

Port

Specify the listening port number of the MySQL server. Valid values range from 0 to 65535.

Username

Specify the database user name. (Optional)

Password

Specify the database password, if applicable.

MySQL Server Type

Select either of the following:

  • Primary (Default)
  • Secondary

Diameter

Origin Host

Specify the FortiADC appliance that originates the Diameter message. The value is in FQDN format and used to uniquely identify a Diameter node for duplicate connection and routing loop detection.

Note: Some Diameter servers do not accept multiple connections from the same origin host. If you set the origin host the same as the origin host (Identity) of the Diameter load-balance profile and use the health check and Diameter load balance profile in the same virtual server, the health check or the Diameter load-balance profile may run into certain undefined problems.

Origin Realm

Specify the realm of the FortiADC appliance that originates the Diameter message. The value is in FQDN format.

Vendor ID

Specify the type Unsigned32 vendor ID which contains the IANA "SMI Network Management Private Enterprise Codes" value assigned to the vendor of a Diameter application. The default is 12356.

Product Name

Specify the type UTF8String product name which contains the vendor assigned name for the product.

Host IPv4 Address

Specify the type IPv4 address used to inform a Diameter peer of the sender's IP address when the destination address type is IPv4. The default is blank, meaning that it is the address of the FortiADC's outgoing interface.

Host IPv6 Address

Specify the type IPv6 address used to inform a Diameter peer of the sender's IP address when the destination address type is IPv6. The default is blank, meaning that it is the address of the FortiADC's outgoing interface.

Auth Application ID

Specify the type Unsigned32 authentication application ID used to advertise support of the authentication and authorization portion of an application. This filed is optional; the default is 0 (zero).

Acct Application ID

Specify the type Unsigned32 accounting application ID used to advertise support of the accounting portion of an application. This field is optional; the default is 0 (zero).

Oracle

Note: Oracle DB HC only supports Hardware models in 5.1.0

Port

Listening port number of the OracleDB server.

Username

Specify the database username

Password

Specify the database password

Connect type

Select one of the following:

  • Service name
  • SID
  • Connect string

Service name

Use this to specify the service name.

SID

Use this to specify the SID

Connect String

Use this to specify the connect string

Oracle-send-string

Send a string (command) to the OracleDb server

Oracle-receive-string

The string we accept in order to receive

Row

The row in which the send string (command) takes effect

Column

The column in which the send string (command) takes effect

Script

Port

Specify the port that the script uses

Script

Specify the script which we create or which we have pre-defined

LDAP

Port

Port Listening port number of the backend server. Usually LDAP is 389.

Password

The corresponding password.

Attribute

Attributes for the LDAP health check object.

BaseDN

The distinguished name where a LDAP server will search from.

BindDN

The distinguished name used to bind to a LDAP server.

Filter

Criteria to use in selecting results.

In SLB deployments, a health check port configuration specifying port 0 acts as a wildcard.The port for health check traffic is imputed from the real server pool member.

In LLB and GLB deployments, specifying port 0 is invalid because there is no associated configuration to impute a proper port. If your health check port configuration specifies port 0, you will not be able to use it in an LLB or GLB configuration.