Here is a standard HTTP monitor that checks whether login page is up and working on the pool members.

[dennis@mifnt1slbgtm03:Active:Standalone] ~ # tmsh list gtm monitor https https.vpn.loginpage.statuscode.new
gtm monitor https https.vpn.loginpage.statuscode.new {
    cipherlist DEFAULT:+SHA:+3DES:+kEDH
    compatibility enabled
    defaults-from https
    destination *:*
    interval 30
    probe-timeout 5
    recv "HTTP/1.1 200 OK"
    send "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1\r\nHost: F5-healthcheck.eg.com\r\nConnection: Close\r\n\r\n"
    timeout 96
}

Now to test manually we can run a curl command from my awesome macbook pro

USFNTMNSIN9HTDD:~ lztx5g$ curl -I --header 'Host: F5-healthcheck.eg.com' https://employee.vpn.eg.com/dana-na/auth/url_default/welcome.cgi
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 12 Jan 2021 22:44:24 GMT
x-frame-options: SAMEORIGIN
Pragma: no-cache
Cache-Control: no-store
Expires: -1
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

So you can see the response code is as expected with the HTTP/1.1 200 OK

I also check each pool member individually but have to add the –insecure since the SSL Certificate is bound to the FQDN employee.vpn.eg.com so the query to each pool member would like something like this

USFNTMNSIN9HTDD:~ lztx5g$ curl --insecure -I --header 'Host: F5-healthcheck.eg.com' https://192.168.91.229/dana-na/auth/url_default/welcome.cgi
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 12 Jan 2021 23:03:23 GMT
x-frame-options: SAMEORIGIN
Pragma: no-cache
Cache-Control: no-store
Expires: -1
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

and you would run the same command but just change the IP address to the next pool member you want to test against.

Leave a Reply