FortiWeb
mtse
Staff
Article Id 198583

Description
Server Health Check can be configured to monitor the status of servers in a pool.
If a server in the pool is found to be unresponsive, FortiWeb will not forward traffic to it.

This article describes basic troubleshooting procedures to check whether a server is failing its health check.


Solution
Server Health Check is configured from the GUI under Server Objects -> Server -> Health Check.

For example, health check 'health_check_http' below has been configured to regularly send an HTTP GET with URL '/login' to the server.
If the server responds with code 200, FortiWeb considers the server to be up.



 
 
 
Normal Status.
The health check status can be checked from the GUI under System -> Status -> Policy Status.
Under normal status, the health check status should be green.
 
 
 
 
Health Check status failed.
If health check fails, the color of the status will not be green (as shown below).
 
 

 
 
The Event log should record server pool status 'change from up to down'.
Go to Log&Report -> Log Access -> Event.
 
 
 
 
 
Verify connectivity between FortiWeb and server.

Method 1: by Packet Capture in FortiWeb.

From the GUI, go to System -> Network -> Packet Capture.
Enable packet capture on the interface towards the server (port3 in this example).
Set a filter for the particular server IP (e.g. 172.16.1.11 below).
Start the packet capture and download the file after it is finished.
 
In this example, the sniffer trace showed that FortiWeb (172.16.1.1) sent an HTTP request to the server (172.16.1.11),
but there was no response from the server.
 
 

 
 
 
 
Method 2: By browser HTTP trace captured using client PC in server subnet.

To verify the HTTP connectivity between FortiWeb and the server, a client PC can be connected to the local subnet (where FortiWeb and the server pool reside).
Then try to initiate an HTTP request from the client PC.
 
For example, in Chrome:

1) Look for the vertical ellipsis button. Select 'More Tools' -> Developer tools.
 
 
 
 
2) Then select the Network tab. Select the Record button to start recording.
In this example, the developer tool showed there was no server response to the HTTP '/login' request for over 21 seconds.
 
 

 
 
 
For comparison, when the server could successfully respond to the HTTP request, the response showed 'Status 200'.
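
A scripted alternative to the browser trace in Method 2, as an added example that is not part of the original article and not FortiWeb's own health-check code. It sends the same GET '/login' from a host in the server subnet and separates a TCP connect failure from the "request sent, no response" symptom seen above; the function name `probe` and the verdict labels are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Reproduce an HTTP GET health check from a host in the server subnet."""
import http.client
import sys


def probe(host, port=80, path="/login", expected=200, timeout=5.0):
    """Send one GET and return (verdict, detail).

    verdict is 'up', 'bad_status', 'no_response' or 'connect_failed'
    (labels chosen for this example, not FortiWeb terminology).
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        # Stage 1: TCP handshake. A failure here points at routing, a
        # filtering device, or a web service that is not listening.
        try:
            conn.connect()
        except OSError as exc:
            return "connect_failed", f"{type(exc).__name__}: {exc}"
        # Stage 2: the request leaves, then we wait for a status line.
        # A timeout here matches the capture in Method 1: request seen
        # on the wire, nothing coming back from the server.
        try:
            conn.request("GET", path, headers={"Connection": "close"})
            status = conn.getresponse().status
        except (OSError, http.client.HTTPException) as exc:
            return "no_response", f"{type(exc).__name__}: {exc}"
    finally:
        conn.close()
    if status == expected:
        return "up", f"HTTP {status}"
    return "bad_status", f"HTTP {status}, expected {expected}"


if __name__ == "__main__":
    # Defaults are the server IP and URL from the article's example.
    host = sys.argv[1] if len(sys.argv) > 1 else "172.16.1.11"
    verdict, detail = probe(host)
    print(f"{host}: {verdict} ({detail})")
    sys.exit(0 if verdict == "up" else 1)
```

A 'bad_status' verdict means the server answers but not with the code the health check expects, which also marks it down even though connectivity is fine.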
 
 

 
