Handbook

Introduction
What's New
Key Concepts and Features
- Server load balancing
- Link load balancing
- Global load balancing
- Security
- High availability
- Virtual Domain (VDOM) and Administrative Domain (ADOM)
Getting Started
- Step 1: Install the appliance
- Step 2: Configure the management interface
- Step 3: Configure basic network settings
- Step 4: Test connectivity to destination servers
- Step 5: Complete product registration, licensing, and upgrades
- Step 6: Configure a basic server load balancing policy
- Step 7: Test the deployment
- Step 8: Back up the configuration
Dashboard
- Widgets
- Dashboard management tools
Security Fabric
- Automation
- Fabric connectors
- External connectors
FortiView
- Logical Topology
- Server Load Balance
- Security
- System
  - Event Logs
  - Automation
- Global Load Balance
  - Host
  - Data Analytics
- Link Load Balance
  - Gateway
- ZTNA FortiClient endpoint
System
- Settings
- Virtual Domain
- High Availability
- Traffic Group
- Administrator
- Global Resources
- WCCP
- SNMP
- Replacement Messages
- FortiGuard
  - Connecting to FortiGuard services
  - Configuring FortiGuard service settings
- Debug
- Certificate
Network
- Interface
- Routing
- NAT
  - Configuring source NAT
  - Configuring 1-to-1 NAT
- QoS
- Packet capture
Shared Resources
- Health Check
- Schedule Group
- Address
- Service
  - Creating service groups
  - Creating service objects
Server Load Balance
- Virtual Server
- Application Resources
- Application Optimization
- Real Server Pool
- Scripting
  - Using HTTP scripting
- SSL-FP Resources
Link Load Balance
- Link Policy
- Link Group
- Virtual Tunnel
Global Load Balance
- GLB Wizard
- FQDN
- Zone Tools
- Global Object
Web Application Firewall
- OWASP TOP10
- WAF Profile
- Known Web Attacks
  - Configuring a Web Attack Signature policy
  - Using the Signature Creation Wizard
- Common Attacks Detection
- Sensitive Data Protection
  - Configuring a Cookie Security policy
  - Configuring an HTTP Header Security policy
- Data Loss Prevention
- Input Validation
- Access Protection
- CORS Protection
- API Protection
- Bot Mitigation
- Web Vulnerability Scanner
Advanced Bot Protection (ABP)
- Enabling the Advanced Bot Protection connector
- Obtaining the Application ID from the FortiGuard ABP User Portal
- Configuring an Advanced Bot Protection policy
- Advanced Bot Protection troubleshooting and debugging
Network Security
- Firewall
- Intrusion Prevention
- AntiVirus
- IP Reputation
- Geo IP Protection
Zero Trust Network Access (ZTNA)
- How device identity and trust context is established with FortiClient EMS
- Configuring FortiClient EMS Connector for ZTNA
- Verifying client certificate, FortiClient endpoint and ZTNA tag synchronized from FortiClient EMS
- Configuring a ZTNA Profile
- ZTNA troubleshooting and debugging
DoS Protection
- DoS Protection Profile
- Application
- Networking
User Authentication
- Authentication Policy
- User Group
  - Configuring user groups
  - Configuring customized authentication forms
- Local User
- Remote User
- Using Kerberos Authentication Relay
  - Using HTTP Basic SSO
- SAML
  - Configure an SAML service provider
  - Import IDP Metadata
- AD FS Proxy
  - Adding an AD FS Publish
  - Adding an AD FS Proxy
- OAuth 2.0 authentication
Log & Report
- Using the traffic log
- Using the security log
- Using the script log
- Log Setting
- Report Setting
AI Threat Analytics
- AI Threat Analytics troubleshooting and debugging
SSL Advanced Services
- SSL offloading
- SSL decryption by forward proxy
- SSL profile configurations
- Certificate guidelines
- SSL/TLS versions and cipher suites
- Exceptions list
- SSL traffic mirroring
- HSM Integration
Best Practices and Fine-tuning
- Regular backups
  - Rebooting, resetting, and shutting down the system
  - SCP support for configuration backup
- Security
- Performance tips
- High availability
Troubleshooting
- Logs
- Tools
- Solutions by issue type
- Resetting the configuration
- Restoring firmware (“clean install”)
- Additional resources
Appendix A: Fortinet MIBs
Appendix B: Port Numbers
Appendix C: Scripts
- Scripting application
- Events and actions
- Predefined commands
- Predefined scripts
- Control structures
- Operators
- String library
- Function
- Special characters
- Examples
Appendix D: Maximum Configuration Values
Change Log

Home FortiADC 7.4.2 Handbook

7.4.2

Configuring health check scripts

You can upload or input scripting to run health check on FortiADC. When you set a new pool with the health check script, health check will run this script periodically. The health check will then use the result of the script as its result.

The following should be noted when using the Health Check Script feature:

The supported scripting type is shell script.
Some commands, such as curl, and ping are supported.
You should use a new root file-system to avoid the script accessing your current file-system.
You should limit the quantity of the script and not allow too many scripts to run at the same time.

Before you begin:

You should have knowledge of some basic concepts of shell scripting, such as variables, if/else statements, and while loop.

To configure a health check script:

Go to Shared Resources > Health Check.
Click the Health Check Script tab.
Configure the health check script, as described below.
Settings Guidelines
Name
Enter a unique name for the health check script.
After you initially save the configuration, you cannot edit the name.
Input
Type or paste the script.
Click Save.
Go back to the Health Check tab. Create a new health check configuration and select one of the health check scripts you created.

Settings	Guidelines
Name	Enter a unique name for the health check script. After you initially save the configuration, you cannot edit the name.
Input	Type or paste the script.

Predefined Health Check Scripts

The following table describes the predefined health check scripts. You can get started with these or create custom scripts.

Predefined script	Usage
CURL_HTTP_CODE	Uses curl to check the status of server
ICMP	Uses ping to check the status of server
PORT_STATUS	Uses nc to check status of a port on server.

Health Check Script programs and commands

The following table describes the predefined commands.

Predefined commands	Usage
$NODE_IP	The IP address of real server.
$NODE_PORT	The port of the real server.
$UP:	Sets the status of health check to UP.
$DOWN:	Sets the status of health check to DOWN.

The following programs and commands can be used in the health check script:

• hostname

• ipcalc

• stty

• usleep

• busybox

• curl

• ed

• nmeter

• xargs

• tail

• basename

• dirname

• expr

• killall

• mkfif

• pwdx

• shred

• split

• traceroute6

• cat

• date

• egrep

• ifconfig

• iplink

• ln

• mktemp

• nameif

• ping6

• rm

• sleep

• true

• base64

• chmod

• dns domain name

• fgrep

• ip

• ls

• mount

• netstat

• printenv

• rmdir

• stat

• umount

• bash

• cp

• echo

• grep

• ipaddr

• kill

• mkdir

• mpstat

• pidof

• ps

• sed

• uniq

• uptime

• link

• mknod

• mv

• ping

• pwd

• slattach

• touch

• vconfig

• adduser

• arping

• fakeidentd

• inetd

• killall5

• nbd-client

• powertop

• pmap

• pstree

• iproute

• telnet

• seq

• sort

• sum

• test

• tr

• truncate

• unix2dos

• wc

• yes

• cmp

• dos2unix

• find

• lsof

• nc

• nslookup

• pgrep

• printf

• time

• traceroute

• tty

• unlink

• whoami

• awk

• diff

• du

• flock

• md5sum

• netcat

• passwd

• pkill

• pscan

• realpath

• smemcap

• ssl_client