FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

This article describes the monitoring of FortiGate using server probes. 


Users can use server probes on interfaces on FortiGate to check the reachability and the response time of accessing FortiGate. You may configure one of the following probe response modes:


none: disable probe.

http-probe: HTTP probe.

twamp: Two-Way Active Measurement Protocol.


Once the targetted FortiGate is configured with server-probe on its interfaces, users may configure server probe monitoring on third-party monitoring tool (using http-get), or using the Link Monitor feature available on a remote FortiGate.


1) To configure HTTP probe on a FortiGate to respond to the server probe request, the user must first specify the server probe response mode on the FortiGate:


# config system probe-response

set mode http



It is possibele to set additional configurations such as specifying custom port other than port 80.


Refer to for more information.


2) Once the above has been configured, configure the interfaces that are required to respond to the server probe request:


# config system interfaces

edit <interface> 

set allowaccess probe-response  --> This will only allow probe-response. If you require additional access such as https and ping, please include the respective in the command line




3) With the above settings, FortiGate will start to respond to server probe requests configured.

The following example uses another FortiGate to demonstrate HTTP server probe monitoring using Link Monitor feature:


# config system link-monitor

edit Probe

set srcintf <interface>

set server <FortiGate_IP> --> configure the FortiGate IP that has the server probe response configured

set gateway-ip <Gateway_IP>

set protocol http

set port <port> --> replace this with the port number configured in the probe response section if the custom port is used. The default port is 80




To verify that the server probe is working, you may issue the following command if the link monitor is used to send the server probe request.


This command is to be issued on the local FortiGate where probe-response is configured:

diag sys server-probe response


The following screenshot shows the expected output of the above command:




On the remote FortiGate that has been configured with the link monitor feature, the following command will show the response of the server probe request:


# diag sys link-monitor status Probe <----- Probe is the name of the link monitor that was configured. Replace that to the name of the link monitor name that you configured


The following screenshot shows the expected output of the above command:



Internal Notes