For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Cirrostratus rank

Cirrostratus

Dec 19, 2019

Solved

TCP Health Check.

All, I have a customer who mentioned that they took a server down for maintenance, but were still receiving customer traffic. This server sits in a pool tied to a VIP and is load balanced wit...

application delivery

Leonardo_Souza
Dec 19, 2019
TCP monitor will try a TCP handshake, if that is successful, marks pool member up.
If you use the default TCP monitor, the alias address field is *, that means it will get the port from the pool member.
So, if pool member is 192.168.1.1:639, it will try a TCP handshake with 192.168.1.1 on port 639.

In the case you described, if the application itself was down, but the server still had the port TCP/639 open, the monitor will still mark the server up.

You need an application layer monitor.
The system has a built in LDAP monitor, so you should use that.

Icon for Cirrocumulus rank

Cirrocumulus

Dec 19, 2019

You may also want to look this, after you setup the application layer monitor:

https://support.f5.com/csp/article/K15095

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Academy at AppWorld 2026

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5