Fortinet black logo

CLI Reference

Home FortiGate / FortiOS 6.0.0 CLI Reference

system link-monitor

6.0.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.0.0
5.6.0
5.4.0
5.2.0
5.0.0
Copy Link
Copy Doc ID c287b6bf-a995-11e9-81a4-00505692583a:978142
Download PDF

system link-monitor

Use this command to add link health monitors that are used to determine the health of an interface. Link health monitors can also be used for FGCP HA remote link monitoring.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set addr-mode {ipv4 | ipv6}

set protocol {ping6 | ...}

set gateway-ip6

set source-ip6

New option to choose IPv6 as the address mode, and new support for ping6, to determine if the FortiGate can communicate with the server.

Note that ping6, gateway-ip6, and source-ip6 are only available when addr-mode to set to ipv6.

set timeout <seconds>

Removed the timeout for waiting before receiving a response from the server. 

config system link-monitor
    edit {name}
    # Configure Link Health Monitor.
        set name {string}   Link monitor name. size[35]
        set addr-mode {ipv4 | ipv6}   Address mode (IPv4 or IPv6).
                ipv4  IPv4 mode.
                ipv6  IPv6 mode.
        set srcintf {string}   Interface that receives the traffic to be monitored. size[15] - datasource(s): system.interface.name
        config server
            edit {address}
            # IP address of the server(s) to be monitored.
                set address {string}   Server address. size[64]
            next
        set protocol {option}   Protocols used to monitor the server.
                ping      PING link monitor.
                tcp-echo  TCP echo link monitor.
                udp-echo  UDP echo link monitor.
                http      HTTP-GET link monitor.
                twamp     TWAMP link monitor.
                ping6     PING6 link monitor.
        set port {integer}   Port number of the traffic to be used to monitor the server. range[1-65535]
        set gateway-ip {ipv4 address any}   Gateway IP address used to probe the server.
        set gateway-ip6 {ipv6 address}   Gateway IPv6 address used to probe the server.
        set source-ip {ipv4 address any}   Source IP address used in packet to the server.
        set source-ip6 {ipv6 address}   Source IPv6 address used in packet to the server.
        set http-get {string}   If you are monitoring an HTML server you can send an HTTP-GET request with a custom string. Use this option to define the string. size[1024]
        set http-agent {string}   String in the http-agent field in the HTTP header. size[1024]
        set http-match {string}   String that you expect to see in the HTTP-GET requests of the traffic to be monitored. size[1024]
        set interval {integer}   Detection interval (1 - 3600 sec, default = 5). range[1-3600]
        set failtime {integer}   Number of retry attempts before the server is considered down (1 - 10, default = 5) range[1-3600]
        set recoverytime {integer}   Number of successful responses received before server is considered recovered (1 - 10, default = 5). range[1-3600]
        set security-mode {none | authentication}   Twamp controller security mode.
                none            Unauthenticated mode.
                authentication  Authenticated mode.
        set password {password_string}   Twamp controller password in authentication mode size[128]
        set packet-size {integer}   Packet size of a twamp test session, range[64-1024]
        set ha-priority {integer}   HA election priority (1 - 50). range[1-50]
        set update-cascade-interface {enable | disable}   Enable/disable update cascade interface.
        set update-static-route {enable | disable}   Enable/disable updating the static route.
        set status {enable | disable}   Enable/disable this link monitor.
    next
end

Additional information

The following section is for those options that require additional explanation.

srcintf <interface>

The name of the interface to add the link health monitor to.

server <address> [<address>...]

One or more IP addresses of the servers to be monitored. If the link health monitor cannot connect to all of the servers remote IP monitoring considers the link to be down. You can add multiple IP addresses to a single link monitor to monitor more than one IP address from a single interface. If you add multiple IP addresses, the health checking will be with all of the addresses at the same time. The link monitor only fails when no responses are received from all of the addresses.

protocol {ping | tcp-echo | udp-echo | http | twamp}

One or more protocols to be used to test the link. The default is ping.

gateway-ip <address>

The IP address of the remote gateway that the link monitor must communicate with to contact the server. Only required if there is no other route on for this communication.

source-ip <address>

Optionally add a source address for the monitoring packets. Normally the source address is the address of the source interface. You can add a different source address if required.

interval <interval>

The time between sending link health check packets. Default is 1 seconds. Range is 1 to 3600 seconds.

failtime <failover-threshold>

The number of times that a health check can fail before a failure is detected (the failover threshold). Default is 5. Range is 1 to 10.

recoverytime <recovery-threshold>

The number of times that a health check must succeed after a failure is detected to verify that the server is back up. Default is 5. Range is 1 to 10.

ha-priority <priority>

The priority of this link health monitor when the link health monitor is part of an FGCP remote link monitor configuration. Default is 1. Range is 1 to 50.

update-cascade-interface {disable | enable}

Enable to bring down the source interface if the link health monitor fails. Disable to keep the interface up if the link health monitor fails. Default is enable.

update-static-route {disable | enable}

Enable to remove static routes from the routing table that use this interface if the link monitor fails. Default is enable.

status {disable | enable}

Enable or disable this link health monitor. Default is enable.

Previous
Next

system link-monitor

Use this command to add link health monitors that are used to determine the health of an interface. Link health monitors can also be used for FGCP HA remote link monitoring.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set addr-mode {ipv4 | ipv6}

set protocol {ping6 | ...}

set gateway-ip6

set source-ip6

New option to choose IPv6 as the address mode, and new support for ping6, to determine if the FortiGate can communicate with the server.

Note that ping6, gateway-ip6, and source-ip6 are only available when addr-mode to set to ipv6.

set timeout <seconds>

Removed the timeout for waiting before receiving a response from the server. 

config system link-monitor
    edit {name}
    # Configure Link Health Monitor.
        set name {string}   Link monitor name. size[35]
        set addr-mode {ipv4 | ipv6}   Address mode (IPv4 or IPv6).
                ipv4  IPv4 mode.
                ipv6  IPv6 mode.
        set srcintf {string}   Interface that receives the traffic to be monitored. size[15] - datasource(s): system.interface.name
        config server
            edit {address}
            # IP address of the server(s) to be monitored.
                set address {string}   Server address. size[64]
            next
        set protocol {option}   Protocols used to monitor the server.
                ping      PING link monitor.
                tcp-echo  TCP echo link monitor.
                udp-echo  UDP echo link monitor.
                http      HTTP-GET link monitor.
                twamp     TWAMP link monitor.
                ping6     PING6 link monitor.
        set port {integer}   Port number of the traffic to be used to monitor the server. range[1-65535]
        set gateway-ip {ipv4 address any}   Gateway IP address used to probe the server.
        set gateway-ip6 {ipv6 address}   Gateway IPv6 address used to probe the server.
        set source-ip {ipv4 address any}   Source IP address used in packet to the server.
        set source-ip6 {ipv6 address}   Source IPv6 address used in packet to the server.
        set http-get {string}   If you are monitoring an HTML server you can send an HTTP-GET request with a custom string. Use this option to define the string. size[1024]
        set http-agent {string}   String in the http-agent field in the HTTP header. size[1024]
        set http-match {string}   String that you expect to see in the HTTP-GET requests of the traffic to be monitored. size[1024]
        set interval {integer}   Detection interval (1 - 3600 sec, default = 5). range[1-3600]
        set failtime {integer}   Number of retry attempts before the server is considered down (1 - 10, default = 5) range[1-3600]
        set recoverytime {integer}   Number of successful responses received before server is considered recovered (1 - 10, default = 5). range[1-3600]
        set security-mode {none | authentication}   Twamp controller security mode.
                none            Unauthenticated mode.
                authentication  Authenticated mode.
        set password {password_string}   Twamp controller password in authentication mode size[128]
        set packet-size {integer}   Packet size of a twamp test session, range[64-1024]
        set ha-priority {integer}   HA election priority (1 - 50). range[1-50]
        set update-cascade-interface {enable | disable}   Enable/disable update cascade interface.
        set update-static-route {enable | disable}   Enable/disable updating the static route.
        set status {enable | disable}   Enable/disable this link monitor.
    next
end

Additional information

The following section is for those options that require additional explanation.

srcintf <interface>

The name of the interface to add the link health monitor to.

server <address> [<address>...]

One or more IP addresses of the servers to be monitored. If the link health monitor cannot connect to all of the servers remote IP monitoring considers the link to be down. You can add multiple IP addresses to a single link monitor to monitor more than one IP address from a single interface. If you add multiple IP addresses, the health checking will be with all of the addresses at the same time. The link monitor only fails when no responses are received from all of the addresses.

protocol {ping | tcp-echo | udp-echo | http | twamp}

One or more protocols to be used to test the link. The default is ping.

gateway-ip <address>

The IP address of the remote gateway that the link monitor must communicate with to contact the server. Only required if there is no other route on for this communication.

source-ip <address>

Optionally add a source address for the monitoring packets. Normally the source address is the address of the source interface. You can add a different source address if required.

interval <interval>

The time between sending link health check packets. Default is 1 seconds. Range is 1 to 3600 seconds.

failtime <failover-threshold>

The number of times that a health check can fail before a failure is detected (the failover threshold). Default is 5. Range is 1 to 10.

recoverytime <recovery-threshold>

The number of times that a health check must succeed after a failure is detected to verify that the server is back up. Default is 5. Range is 1 to 10.

ha-priority <priority>

The priority of this link health monitor when the link health monitor is part of an FGCP remote link monitor configuration. Default is 1. Range is 1 to 50.

update-cascade-interface {disable | enable}

Enable to bring down the source interface if the link health monitor fails. Disable to keep the interface up if the link health monitor fails. Default is enable.

update-static-route {disable | enable}

Enable to remove static routes from the routing table that use this interface if the link monitor fails. Default is enable.

status {disable | enable}

Enable or disable this link health monitor. Default is enable.

Previous
Next