Created on 11-21-2021 10:22 PM Edited on 06-08-2022 01:11 PM By Anonymous
Description |
This article describes the monitoring of FortiGate using server probes.
Users can use server probes on interfaces on FortiGate to check the reachability and the response time of accessing FortiGate. You may configure one of the following probe response modes:
none: disable probe. http-probe: HTTP probe. twamp: Two-Way Active Measurement Protocol.
Once the targetted FortiGate is configured with server-probe on its interfaces, users may configure server probe monitoring on third-party monitoring tool (using http-get), or using the Link Monitor feature available on a remote FortiGate. |
Scope | |
Solution |
1) To configure HTTP probe on a FortiGate to respond to the server probe request, the user must first specify the server probe response mode on the FortiGate:
# config system probe-response set mode http end
It is possibele to set additional configurations such as specifying custom port other than port 80.
Refer to https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/655978/system-probe-response for more information.
2) Once the above has been configured, configure the interfaces that are required to respond to the server probe request:
# config system interfaces edit <interface> set allowaccess probe-response --> This will only allow probe-response. If you require additional access such as https and ping, please include the respective in the command line next end
3) With the above settings, FortiGate will start to respond to server probe requests configured. The following example uses another FortiGate to demonstrate HTTP server probe monitoring using Link Monitor feature:
# config system link-monitor edit Probe set srcintf <interface> set server <FortiGate_IP> --> configure the FortiGate IP that has the server probe response configured set gateway-ip <Gateway_IP> set protocol http set port <port> --> replace this with the port number configured in the probe response section if the custom port is used. The default port is 80 next end
To verify that the server probe is working, you may issue the following command if the link monitor is used to send the server probe request.
This command is to be issued on the local FortiGate where probe-response is configured: diag sys server-probe response
The following screenshot shows the expected output of the above command:
On the remote FortiGate that has been configured with the link monitor feature, the following command will show the response of the server probe request:
# diag sys link-monitor status Probe <----- Probe is the name of the link monitor that was configured. Replace that to the name of the link monitor name that you configured
The following screenshot shows the expected output of the above command:
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.