system link-monitor
Use this command to add link health monitors that are used to determine the health of an interface. Link health monitors can also be used for FGCP HA remote link monitoring.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
set addr-mode {ipv4 | ipv6} set protocol {ping6 | ...} set gateway-ip6 set source-ip6 |
New option to choose IPv6 as the address mode, and new support for ping6, to determine if the FortiGate can communicate with the server. Note that |
set timeout <seconds> |
Removed the timeout for waiting before receiving a response from the server. |
config system link-monitor edit {name} # Configure Link Health Monitor. set name {string} Link monitor name. size[35] set addr-mode {ipv4 | ipv6} Address mode (IPv4 or IPv6). ipv4 IPv4 mode. ipv6 IPv6 mode. set srcintf {string} Interface that receives the traffic to be monitored. size[15] - datasource(s): system.interface.name config server edit {address} # IP address of the server(s) to be monitored. set address {string} Server address. size[64] next set protocol {option} Protocols used to monitor the server. ping PING link monitor. tcp-echo TCP echo link monitor. udp-echo UDP echo link monitor. http HTTP-GET link monitor. twamp TWAMP link monitor. ping6 PING6 link monitor. set port {integer} Port number of the traffic to be used to monitor the server. range[1-65535] set gateway-ip {ipv4 address any} Gateway IP address used to probe the server. set gateway-ip6 {ipv6 address} Gateway IPv6 address used to probe the server. set source-ip {ipv4 address any} Source IP address used in packet to the server. set source-ip6 {ipv6 address} Source IPv6 address used in packet to the server. set http-get {string} If you are monitoring an HTML server you can send an HTTP-GET request with a custom string. Use this option to define the string. size[1024] set http-agent {string} String in the http-agent field in the HTTP header. size[1024] set http-match {string} String that you expect to see in the HTTP-GET requests of the traffic to be monitored. size[1024] set interval {integer} Detection interval (1 - 3600 sec, default = 5). range[1-3600] set failtime {integer} Number of retry attempts before the server is considered down (1 - 10, default = 5) range[1-3600] set recoverytime {integer} Number of successful responses received before server is considered recovered (1 - 10, default = 5). range[1-3600] set security-mode {none | authentication} Twamp controller security mode. none Unauthenticated mode. authentication Authenticated mode. set password {password_string} Twamp controller password in authentication mode size[128] set packet-size {integer} Packet size of a twamp test session, range[64-1024] set ha-priority {integer} HA election priority (1 - 50). range[1-50] set update-cascade-interface {enable | disable} Enable/disable update cascade interface. set update-static-route {enable | disable} Enable/disable updating the static route. set status {enable | disable} Enable/disable this link monitor. next end
Additional information
The following section is for those options that require additional explanation.
srcintf <interface>
The name of the interface to add the link health monitor to.
server <address> [<address>...]
One or more IP addresses of the servers to be monitored. If the link health monitor cannot connect to all of the servers remote IP monitoring considers the link to be down. You can add multiple IP addresses to a single link monitor to monitor more than one IP address from a single interface. If you add multiple IP addresses, the health checking will be with all of the addresses at the same time. The link monitor only fails when no responses are received from all of the addresses.
protocol {ping | tcp-echo | udp-echo | http | twamp}
One or more protocols to be used to test the link. The default is ping
.
gateway-ip <address>
The IP address of the remote gateway that the link monitor must communicate with to contact the server. Only required if there is no other route on for this communication.
source-ip <address>
Optionally add a source address for the monitoring packets. Normally the source address is the address of the source interface. You can add a different source address if required.
interval <interval>
The time between sending link health check packets. Default is 1 seconds. Range is 1 to 3600 seconds.
failtime <failover-threshold>
The number of times that a health check can fail before a failure is detected (the failover threshold). Default is 5. Range is 1 to 10.
recoverytime <recovery-threshold>
The number of times that a health check must succeed after a failure is detected to verify that the server is back up. Default is 5. Range is 1 to 10.
ha-priority <priority>
The priority of this link health monitor when the link health monitor is part of an FGCP remote link monitor configuration. Default is 1. Range is 1 to 50.
update-cascade-interface {disable | enable}
Enable to bring down the source interface if the link health monitor fails. Disable to keep the interface up if the link health monitor fails. Default is enable.
update-static-route {disable | enable}
Enable to remove static routes from the routing table that use this interface if the link monitor fails. Default is enable.
status {disable | enable}
Enable or disable this link health monitor. Default is enable.