Forum Discussion

JustCooLpOOLe's avatar
Icon for Cirrocumulus rankCirrocumulus
May 22, 2023

Monitor External Websites with GTM


The team is looking to set up a WIP to provide DNS failover for some external sites.  These sites are not behind our LTMs in the iQuery mesh.  We just want to peform a simple health check that determines whether the external site is up.  

Anyone have any experience with this?  I am able to curl to the websites just fine from the GTM devices.

5 Replies

  • JustCooLpOOLe If you can reach it you can perform a health check to it. You should be able to configure this as a generic host with no health monitor and then at the pool level you would use a health monitor for the respective website that will return the information you would like to have to classify the site as working.

    • JustCooLpOOLe's avatar
      Icon for Cirrocumulus rankCirrocumulus

      Thanks paulj !  

      We have that configuration but still shows down even though I can successfully curl to the site from our GTM.  We're looking into the prober pool configuration and routing to determine the source of the health check.

      • Paulius's avatar
        Icon for MVP rankMVP

        JustCooLpOOLe You might take this opportunity on the GTM to perform a tcpdump to see what you are receiving back from the destination. The following should be a close enough syntax and you can change the port if it's HTTPS rather than HTTP.

        tcpdump -nni 0.0:nnp host <gtm_ip> and host <destination_IP> and port 80

        It is common that sometimes a curl will function slightly different than the health monitor. A good example of this is I was able to perform a curl from my lab LTM to my lab apache server and the response was the one I expected but when I did a very similar request using the health monitor it would fail because the server said it was not able to find the destination that I requested. I ended up having to add in an entry that allowed the server to respond to any request to itself on 80 which I later narrowed it down once I came up with a lab root domain to use.

  • Also be cognizant that F5 health checks don't follow redirects. So, any health check should be for the final URL. A health check only passes if a 200 status code is received, so if you receive a redirect or auth required, you may have issues without using the final URL or setting up authentication for the monitor.