Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kcheng
Staff & Editor
Staff & Editor

Created on ‎11-21-2021 10:22 PM Edited on ‎10-28-2024 11:46 AM By Moderator

Article Id 199183

Technical Tip: Monitor FortiGate using server probes (HTTP)

Description

This article describes the monitoring of FortiGate using server probes. 

 

Users can use server probes on interfaces on FortiGate to check the reachability and the response time of accessing FortiGate. The following probe response modes can be configured:

 

none: disable probe.

http-probe: HTTP probe.

twamp: Two-Way Active Measurement Protocol.

 

Once the targeted FortiGate is configured with server-probe on its interfaces, users may configure server probe monitoring on third-party monitoring tool (using http-get), or using the Link Monitor feature available on a remote FortiGate.
Scope FortiGate.
Solution

 

  1. To configure an HTTP probe on a FortiGate to respond to the server probe request, the user must first specify the server probe response mode on the FortiGate:

 

 

config system probe-response

set mode http

end

 

It is possible to set additional configurations such as specifying custom port other than port 80.

 

Refer to this document for more information.

 

  1. Once the above has been configured, configure the interfaces that are required to respond to the server probe request:

 

config system interfaces

edit <interface> 

set allowaccess probe-response  <- This will only allow probe-response. If any other allowaccess is require such as https and ping, include the respective in the command line.

next

end

 

  1. With the above settings, FortiGate will start to respond to server probe requests configured.

    The following example uses another FortiGate to demonstrate HTTP server probe monitoring using the Link Monitor feature:

 

config system link-monitor

edit Probe

set srcintf <interface>

set server <FortiGate_IP> <- Configure the FortiGate IP that has the server probe response configured.

set gateway-ip <Gateway_IP>

set protocol http

set port <port> <- Replace this with the port number configured in the probe response section if the custom port is used. The default port is 80.

next

end

 

To verify that the server probe is working, the following command can be issued if the link monitor is used to send the server probe request.

 

This command is to be issued on the local FortiGate where probe-response is configured:

 

diag sys server-probe response

 

The following screenshot shows the expected output of the above command:

 

Probe_response.png

 

On the remote FortiGate that has been configured with the link monitor feature, the following command will show the response of the server probe request:

 

diag sys link-monitor status Probe <- Probe is the name of the link monitor that was configured. Replace that to the name of the link monitor name that is configured.

 

The following screenshot shows the expected output of the above command:

 

link-monitor.png

 
Labels:
8459
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.