For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RobC's avatar
RobC
Icon for Nimbostratus rankNimbostratus
Apr 15, 2014

Ping Federated Health Monitor

The Ping administrator gave me a URL to use for testing pool members. https://:9031/pf/heartbeat.ping The results should be "OK". Is it possible to create a HTTPS based monitor using port 9031?

 

application delivery
availability
deployment
LTM

4 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 15, 2014

    Is it possible to create a HTTPS based monitor using port 9031?

     

    health monitor uses pool member port unless you specify the port number.

     

  • nag_54823's avatar
    nag_54823
    Icon for Cirrostratus rankCirrostratus
    Apr 15, 2014

    if you want to monitor pool member on different port then u can use dest *.portnumber

     

  • nag_54823's avatar
    nag_54823
    Icon for Cirrostratus rankCirrostratus
    Apr 15, 2014

    Hi Rob,

     

    No it's not part of send string. there is a seperate setting in every monitor. u can check with "b monitor https list"

     

    b monitor https list monitorroot type https { defaults from none interval 5 up interval 0 timeout 16 time until up immediate dest : ignore down response disable enable is read only partition Common cert none cipherlist "DEFAULT:+SHA:+3DES:+kEDH" compatibility "enabled" key none password none recv disable none recv none send "GET /\r\n" username none }

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 15, 2014

    e.g.

     config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm monitor https myhttps
ltm monitor https myhttps {
    cipherlist DEFAULT:+SHA:+3DES:+kEDH
    compatibility enabled
    defaults-from https
    destination *:*
    interval 5
    ip-dscp 0
    recv "404 Not Found"
    send "GET /pf/heartbeat.ping\r\nHost: \r\nConnection: Close\r\n\r\n"
    time-until-up 0
    timeout 16
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:9031 {
            address 200.200.200.101
            session monitor-enabled
            state up
        }
    }
    monitor myhttps
}

 trace

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 9031 -k /var/tmp/localhost.key
New TCP connection 1: 200.200.200.11(58764) <-> 200.200.200.101(9031)
1 1  1397586345.7759 (0.0062)  C>SV3.1(514)  Handshake
1 2  1397586346.0500 (0.2741)  S>CV3.1(81)  Handshake
1 3  1397586346.0500 (0.0000)  S>CV3.1(1052)  Handshake
1 4  1397586346.0500 (0.0000)  S>CV3.1(4)  Handshake
1 5  1397586346.0527 (0.0027)  C>SV3.1(134)  Handshake
1 6  1397586346.0527 (0.0000)  C>SV3.1(1)  ChangeCipherSpec
1 7  1397586346.0527 (0.0000)  C>SV3.1(32)  Handshake
1 8  1397586346.2393 (0.1865)  S>CV3.1(1)  ChangeCipherSpec
1 9  1397586346.2393 (0.0000)  S>CV3.1(32)  Handshake
1 10 1397586346.2406 (0.0012)  C>SV3.1(69)  application_data
    ---------------------------------------------------------------
    GET /pf/heartbeat.ping
    Host:
    Connection: Close

    ---------------------------------------------------------------