FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 250184

This article describes how to enable FortiGate probe traffic on the Azure load balancer.

Scope FortiGate.

In the Azure load balancer, if the FortiGate-VM probe is enabled, the Azure load balancer sends out a probe to a TCP/UDP port to verify if the VM is up and running.

In the FortiGate, a specific probe config is activated on TCP/8008.


In order to probe detect in Azure load balancer, FortiGate needs to configure the below step via CLI:


config system probe-response

    set port 8008

    set http-probe-value "OK"

    set mode http-probe



config system interface

    edit "2"

        set ip

        set allowaccess probe-response  <----- This will only allow probe-response. If other access is required, please include it in this command. Alternatively, use command < # append allowaccess probe-response > to append existing settings.

        set device-identification enable

        set role wan

        set snmp-index 16


config firewall local-in-policy

    edit 1

        set uuid 80d9ad84-c99c-51ed-3072-b327f1deb659

        set intf "port2"

        set srcaddr "all"

        set dstaddr "all"

        set action accept

        set service "TCP_8008


A sample config of Azure load balancer.