Created on 03-24-2023 01:45 AM
Edited on 01-28-2025 03:12 AM
By Jean-Philippe_P
Description
This article describes how to configure FortiGate to respond to health probes from an Azure or AWS load balancer.

Scope
FortiGate.

Solution
If the FortiGate-VM probe is enabled on the Azure or AWS load balancer, the load balancer sends a probe to a TCP/UDP port to verify that the VM is up and running. On the FortiGate, a specific probe-response configuration is activated on TCP/8008.
For the FortiGate to answer the Azure or AWS load balancer probe, configure the following steps via the CLI:
config system probe-response
    set port 8008
    set http-probe-value "OK"
    set mode http-probe
end

config system interface
    edit "port2"
        set ip 10.10.10.10 255.255.255.0
        set allowaccess probe-response
        set device-identification enable
        set role wan
        set snmp-index 16
    next
end

Note: 'set allowaccess probe-response' only allows probe-response on the interface. If other access is required, include it in this command. Alternatively, use the command 'append allowaccess probe-response' to append to the existing settings.

config firewall local-in-policy
    edit 1
        set uuid 80d9ad84-c99c-51ed-3072-b327f1deb659
        set intf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "TCP_8008"
    next
end
A sample config of Azure or AWS load balancer.
Note that if the devices are configured in Active-Passive mode, it is expected that the secondary firewall will not respond to load balancer probes.
Additional Notes: The probe-response feature is currently supported only for IPv4 and is not available for IPv6, both in cloud environments (for example: Azure, AWS) and on physical devices. As a result, it is not possible to monitor traffic when an Azure or AWS load balancer is configured for IPv6, and Fortinet devices cannot be monitored using IPv6 probes.
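To confirm the configuration above before relying on the load balancer's own health status, the probe can be emulated from a host in the same subnet. The following is an added example, not Fortinet code: check_probe and start_stub are hypothetical names, and it assumes the responder answers an HTTP GET with status 200 and the configured http-probe-value as the body. A secondary unit in Active-Passive mode is reported as "no response".

```python
"""Emulate a load balancer HTTP health probe against FortiGate probe-response."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def check_probe(host, port=8008, expected="OK", timeout=3.0):
    """Return (healthy, detail) the way an HTTP health probe would judge it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        body = resp.read(1024).decode("ascii", "replace").strip()
    except (OSError, http.client.HTTPException) as exc:
        # Closed or filtered port, missing allowaccess/local-in-policy,
        # or a passive HA unit: the probe gets no usable answer.
        return False, f"no response: {exc.__class__.__name__}"
    finally:
        conn.close()
    if resp.status != 200:
        return False, f"unexpected status {resp.status}"
    if body != expected:
        # Port answers, but not with the configured http-probe-value.
        return False, f"unexpected body {body!r}"
    return True, "probe answered"


class _StubProbe(BaseHTTPRequestHandler):
    """Constructed stand-in for the responder (assumed: 200 + value as body)."""

    def do_GET(self):
        data = b"OK"
        self.send_response(200)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # suppress per-request logging
        pass


def start_stub():
    """Start the stand-in on an ephemeral loopback port; return (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), _StubProbe)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    srv, stub_port = start_stub()
    print(check_probe("127.0.0.1", stub_port))  # replace with 10.10.10.10, 8008
    srv.shutdown()
```

Run it once against each HA member: in Active-Passive mode only the primary is expected to return a healthy result.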