|
In the Azure or AWS load balancer, if the FortiGate-VM probe is enabled, the Azure or AWS load balancer sends out a probe to a TCP/UDP port to verify if the VM is up and running.
In the FortiGate, a specific probe config is activated on TCP/8008.
To probe detect in Azure or AWS load balancer, FortiGate needs to configure the below step via CLI:
config system probe-response
set port 8008
set http-probe-value "OK"
set mode http-probe
end
config system interface
edit "2"
set ip 10.10.10.10 255.255.255.0
set allowaccess probe-response <-- This will only allow probe-response. If other access is required, include it in this command. Alternatively, use command < append allowaccess probe-response > to append existing settings.
set device-identification enable
set role wan
set snmp-index 16
next
end
config firewall local-in-policy
edit 1
set uuid 80d9ad84-c99c-51ed-3072-b327f1deb659
set intf "port2"
set srcaddr "all"
set dstaddr "all"
set action accept
set service "TCP_8008
next
end
A sample config of Azure or AWS load balancer.
Note that if the devices are configured in Active-Passive mode, it is expected that the secondary firewall will not respond to Load balancer probes.
|
