Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiWeb 7.4.5 Administration Guide
    7.4.5
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0
    5.6.0

    Checking backend server status & issues

    Checking backend server status & issues

    1. Check if the server health-check is ON;

      2. Check current server status with diagnose:

      diagnose policy backend back-end server list <Server Pool>

      FortiWeb # diagnose policy server-pool list root. SP_01

      policy(SP_01)

      server-pool(RS_01) sp_id(14718170086418654778):

      total = 2

      server[0]

      server table id: 1

      server random id: 14419242131006337869

      ip: x.x.x.x

      port: 80

      alive:

      1

      session: 0

      idle: 0

      status: 1

      backup: 0

      server[1]

      server table id: 2

      server random id: 3111587693898389030

      ip: y.y.y.y

      port: 8080

      alive:

      0

      session: 0

      idle: 0

      status: 1

      backup: 0

      alive server 1:

      server[0]

      alive backup server 0:

    2. Check event logs for history status if server-pool health check is ON: Add Filter > Action > Check-Resource. You’ll see like this:

      Physical Server 1 [3.89.138.120:80] in server pool RS_01 status change from up to down

    3. If server-pool health check is OFF or you doubt the back-end server status is not stable, you may use curl to visit the back-end server (IP or FQDN) under FortiWeb root:

      /# curl -I http://x.x.x.x/

      /# curl -I https://x.x.x.x/

      /# curl -I --recursive https://x.x.x.x/

      Note: Using “execute telnettest x.x.x.x:80” under FortiWeb shell or “telnet x.x.x.x:80” may not work well because the HTTP headers cannot be fully sent and parsed.
      If you can successfully receive responses from backend servers using Curl, but the health check status still shows OFF, this could be due to network latency. To address this, utilize monitoring or probing tools to track the latency values at various times throughout the day. Then, adjust the health check's timeout value to match the highest recorded network latency. Be aware that this approach will consider backend servers with long network latencies as healthy and include them in traffic processing, potentially degrading user experience. Therefore, it is recommended to set a reasonable timeout value for the health checks to exclude servers with excessively long network latencies from handling traffic.
      For how to set health check, see config server-policy health in FortiWeb CLI Reference.
    4. Check if the request might be limited by “Connection Limit”.
    Previous
    Next

    Checking backend server status & issues

    Checking backend server status & issues

    1. Check if the server health-check is ON;

      2. Check current server status with diagnose:

      diagnose policy backend back-end server list <Server Pool>

      FortiWeb # diagnose policy server-pool list root. SP_01

      policy(SP_01)

      server-pool(RS_01) sp_id(14718170086418654778):

      total = 2

      server[0]

      server table id: 1

      server random id: 14419242131006337869

      ip: x.x.x.x

      port: 80

      alive:

      1

      session: 0

      idle: 0

      status: 1

      backup: 0

      server[1]

      server table id: 2

      server random id: 3111587693898389030

      ip: y.y.y.y

      port: 8080

      alive:

      0

      session: 0

      idle: 0

      status: 1

      backup: 0

      alive server 1:

      server[0]

      alive backup server 0:

    2. Check event logs for history status if server-pool health check is ON: Add Filter > Action > Check-Resource. You’ll see like this:

      Physical Server 1 [3.89.138.120:80] in server pool RS_01 status change from up to down

    3. If server-pool health check is OFF or you doubt the back-end server status is not stable, you may use curl to visit the back-end server (IP or FQDN) under FortiWeb root:

      /# curl -I http://x.x.x.x/

      /# curl -I https://x.x.x.x/

      /# curl -I --recursive https://x.x.x.x/

      Note: Using “execute telnettest x.x.x.x:80” under FortiWeb shell or “telnet x.x.x.x:80” may not work well because the HTTP headers cannot be fully sent and parsed.
      If you can successfully receive responses from backend servers using Curl, but the health check status still shows OFF, this could be due to network latency. To address this, utilize monitoring or probing tools to track the latency values at various times throughout the day. Then, adjust the health check's timeout value to match the highest recorded network latency. Be aware that this approach will consider backend servers with long network latencies as healthy and include them in traffic processing, potentially degrading user experience. Therefore, it is recommended to set a reasonable timeout value for the health checks to exclude servers with excessively long network latencies from handling traffic.
      For how to set health check, see config server-policy health in FortiWeb CLI Reference.
    4. Check if the request might be limited by “Connection Limit”.
    Previous
    Next