This article describes how to check the forward-server status in FortiProxy.

It is possible to check by firewall policies WAD debug:

diagnose debug enable

diagnose test application wad 2200  <----- Display status of WAN.

diagnose test application wad 1002  <----- Display status of WANOpt storages.

diagnose test application wad 101

Example:

Configuration:

config web-proxy forward-server
    edit "forward-server1"
        set ip <ip address>
        set port 8080
        set healthcheck enable
        set monitor "http://www.fortinet.com"
    next
        edit "forward-server2"
            set ip <ip address>
            set port 8080
            set healthcheck enable
            set monitor "http://www.fortinet.com"
    next
end

config web-proxy forward-server-group
    edit "servergroup"
        set ldb-method active-passive
            config server-list
                edit "forward-server1"
                    set weight 30
                next
                edit "forward-server2"
                    set weight 20
                next
            end
    next
end

config firewall policy
    edit 2
        set type explicit-web
        set name "forwardservergroup_policy"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "webproxy"
        set explicit-web-proxy "web-proxy"
        set logtraffic all
        set webcache enable
        set webproxy-forward-server "servergroup"
    next
end

Result:

diagnose test application wad 101

----vf_id=0 polid=2 ref=7 gen=8/8 pol=0x7f8bff2dd300 sec=0x7f8bff4b81f0----
uuid_idx: 261
zone(1) to: port1
src address
all matches any ipv4
dst address
all matches any ipv4
service: need app_info (no)
proto:15 src:0-65535 dst:0-65535
[000] name=servergroup lb-alg=active-passive n_servers=2 affinity=disable
hits=0 weight=(total:0 gen:1 cur:0)
name=forward-server1 hits=491 status=up weight=30 gen:0 cur:0 n_conns=1
name=forward-server2 hits=0 status=down weight=20 gen:0 cur:0 n_conns=0

web cache(http/https/reverse_cache): enabled/disabled/disabled
webproxy profile: nil
negations: src no, dst no, services no
need l7 match: no
Stats: client: 233069/121975, server: 121831/229729, active: 2
not id-based, auth-rmsg-ovrd-grp:
log: traffic=yes utm=yes start=no
schedule: always
sec-profile '[@_single_@]' (ref=3,gen=1,1,8/1#1,1): ssh_tun_policy=0,alpn=0
rmsg_groups proto= AV= dlp= spam= web= file=N/A video=N/A
proto 0. 'default ' ref=0 in_tree=0 gen=1/1
dio 0. 'no-inspection ' ref=2 in_tree=1 gen=2/2

Note:

Upgrading FortiProxy from v7.2.X to v7.4.0-7.4.8 may cause downtime when monitoring has been enabled in the Forwarding Server configuration and the 'http://' scheme is used.

For example, when configuring to monitor 'http://www.fortinet.com', and upgrading the FortiProxy to v7.4.0-v7.4.8, the Forward Server will be down, and this will cause traffic disruption. 

To bypass this issue, there are two options:

1. Remove the 'http://' scheme from the URL.
2. Upgrade FortiProxy to v7.4.9 and above.