|Description||This article describes a method of verification used by the FortiMonitor public probe network to prevent false-positive alerts and notifications.|
|Scope||Public probes, Synthetic checks, Network|
FortiMonitor has a number of public probes across the globe. These probes allow the end-user to perform remote checks originating outside of the user's own network.
Dependent upon external network conditions, a specific public probe may be periodically unable to reach a destination. This could occur for any number of reasons, e.g. regional internet outage, etc. In order to prevent false reports that an endpoint is unreachable (or that a metric threshold has been breached) FortiMonitor's public probes will initiate a series of backup checks across the public probe network to verify conditions.
By default, if a single public probe fails to receive the expected data from a check, four additional public probes in different regions will attempt the same check. If three of these checks fail consecutively, an outage will be confirmed as the endpoint is likely to be the issue as opposed to the global network connectivity. Likewise, if an outage is confirmed by this process, it will require three (out of four) consecutive checks to succeed to issue an 'All Clear' on any incident alert.
As seen in the image below, the number of confirmation checks may be manually increased or decreased. The number of probes involved in the confirmation check will be the user-selected number (or default) plus one additional probe. If the number of checks is customized, the number of probes that must succeed in the confirmation check is the total number (user-edited value plus one as explained above) minus one for the initial probe to either confirm or clear an incident.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.