Troubleshooting Tip: FortiWeb server health check
Description
This article describes that erver Health Check can be configured to monitor the status of servers in a pool. If a server in the pool is found unresponsive, FortiWeb will not forward traffic to it.
This article describes basic troubleshooting procedures to check if a server is failing a health check.
Scope
FortiWeb.
Solution
Server Health Check is configured from the GUI under Server Objects -> Server -> Health Check.
For example, health check 'health_check_http' below has been configured to regularly send an HTTP GET with URL '/login' to the server.
If the server responds with code 200, FortiWeb considers the server to be up.
Normal Status.
The health check status can be checked from the GUI under System -> Status -> Policy Status.
The health check status can be checked from the GUI under System -> Status -> Policy Status.
Under normal status, the health check status should be green.
Health Check status failed.
If the health check fails, the color of the status will not be green (as shown below).
If the health check fails, the color of the status will not be green (as shown below).
The event log should record the server pool status 'change from up to down'.
Go to Log & Report -> Log Access -> Event.
Go to Log & Report -> Log Access -> Event.
Verify connectivity between FortiWeb and the server.
Method 1: By Packet Capture in FortiWeb.
From the GUI, go to System -> Network -> Packet Capture.
Method 1: By Packet Capture in FortiWeb.
From the GUI, go to System -> Network -> Packet Capture.
Enable packet capture on the interface towards the server port (e.g., port3 in this example).
Set a filter for the particular server IP (e.g., 172.16.1.11 below).
Start the packet capture and download the file after it is finished.
Start the packet capture and download the file after it is finished.
In this example, the sniffer trace showed FortiWeb (172.16.1.1) sent an HTTP request to the server (172.16.1.11).
But there was no response from the server.
Method 2: By browser HTTP trace captured using a client PC in the server subnet.
To verify the HTTP connectivity between FortiWeb and the server, a client unit can be connected to the local subnet (where FortiWeb and the server pool reside).
To verify the HTTP connectivity between FortiWeb and the server, a client unit can be connected to the local subnet (where FortiWeb and the server pool reside).
Then, try to initiate an HTTP request from the client PC.
For example, in Chrome.
- Look for the Vertical ellipsis button. Select 'More Tools' -> Developer tools.
- Then select the Network tab. Select the Record button to start recording.
In this example, the developer tool showed there was no server response to the HTTP '\login' request for over 21 seconds.
For comparison, the following was the response with 'Status 200' when the server could successfully respond to the HTTP request.
- The following debug command can be used to verify the healthcheck status.
diagnose debug proxy thread-hlck 7
diagnose debug enable