Health monitoring

Template name

Enter a name for the template. The template name is case insensitive.

Type

Select an operation type from the list. Options are:

·     ICMP.

·     UDP.

·     TCP.

·     FTP.

·     DNS.

·     HTTP.

·     RADIUS.

·     SSL.

·     HTTPS.

·     TCP half-open.

·     SNMP-DCA.

·     RADIUS-ACCOUNT.

·     Others—In addition to the operation types listed above, you can select this option to specify other operation types. With this option selected, the probe templates cannot be edited.

Probe interval

Enter the interval in milliseconds at which the NQA operation repeats. If you set the interval to 0, NQA performs the operation only once and does not generate any statistics.

Probe timeout

Enter the timeout time for waiting for a response, in milliseconds.

Description

Enter a description for the template.

Destination IP address

Enter the destination IPv4 or IPv6 address for the probe packets.

Data to pad

Enter the case-sensitive payload fill string for probe packets. The payload fill string will be truncated at the end or cyclically repeated to fit the payload size of the probe packet.

Length of data to pad

Enter the payload size for each probe packet, in bytes.

Next hop IP address

Enter the next hop IPv4 or IPv6 address for probe packets. If the next hop address is not configured, the device searches the routing table to determine the next hop address for the probe packets.

Outgoing interface

Enter the outgoing interface for probe packets. For successful operation, the specified outgoing interface must be up.

Destination IP address

Enter the destination IPv4 or IPv6 address for the probe packets.

Destination port number

Enter the destination port number for the probe packets.

Data to pad

Enter the case-sensitive payload fill string for probe packets. The payload fill string will be truncated at the end or cyclically repeated to fit the payload size of the probe packet.

Length of data to pad

Enter the payload size for each probe packet, in bytes.

This item is not available for the TCP operation.

Next hop IP address

Enter the next hop IPv4 or IPv6 address for probe packets. If the next hop address is not configured, the device looks up the routing table for the next hop address.

This item is not available for the UDP operation.

Expected data offset

Enter the offset in bytes after which the first match operation for the expected response data starts.

Upon receiving a response packet, the NQA client searches the packet payload for the expected data.

·     If no offset is configured, the NQA client starts the first match operation from the beginning byte of the payload. If no match is found, it starts another match operation from the second byte of the payload. The process continues until a match is found or the last payload byte is tried.

·     If an offset is configured, the NQA client starts the first match operation after the specified offset bytes. If no match is found, it continues the match operation as if no offset was configured.

In whichever cases, the NQA client marks the NQA operation as successful if a match is found. If no match is found, it marks the NQA operation as failed.

Expected data

Enter the case-sensitive expected response data.

URL

Enter the URL of the target resource for the FTP operation, a case-sensitive string of 1 to 255 characters.

Valid URL formats:

·     ftp://host/filename.

·     ftp://host:port/filename.

The host parameter represents the host name of the server hosting the resource, which must meet the following requirements:

·     Case sensitive.

·     Valid characters are letters, digits, hyphens (-), underscores (_), and dots (.), but consecutive dots (.) are not allowed.

·     Must be a dot-separated series of labels. Each label can contain 1 to 63 characters.

Username

Enter the FTP login username. The username is case sensitive.

Password

Enter the FTP login password in encrypted form.

Operation type

Select the FTP operation type from the list. Options are:

·     Download—Gets a file from the FTP server.

·     Upload—Uploads a file to the FTP server.

Local file name

This item is available only when Upload is selected for Operation type.

Enter the name of the file to be uploaded to the FTP server. The file name is a case-sensitive string of 1 to 200 characters which cannot contain slashes (/).

Mode

Select the data transmission mode for the FTP operation. Options are:

·     Active—In active mode, the FTP server initiates a connection request.

·     Passive—In passive mode, the FTP client initiates a connection request.

Destination IP address

Enter the IP address of the DNS server as the destination IP address for the probe packets.

Destination port number

Enter the destination port number for the probe packets.

Domain to resolve

Enter the domain name to be resolved.

The domain name must meet the following requirements:

·     1 to 255 characters in length.

·     Case sensitive.

·     Valid characters are letters, digits, hyphens (-), underscores (_), and dots (.), but consecutive dots (.) are not allowed.

·     Must be a dot-separated series of labels. Each label can contain 1 to 63 characters.

Resolving type

Select the domain name resolution type. Options are:

·     A—A type A query resolves a domain name to a mapped IPv4 address.

·     AAA—A type AAAA query resolves a domain name to a mapped IPv6 address.

Expected IPv4 address

This item is available only when A is selected for Resolving type.

Enter the expected IPv4 address.

During a DNS operation, the NQA client compares the expected IPv4 address with the IPv4 address resolved by the DNS server. If they are the same, it considers the DNS server legal.

Expected IPv6 address

This item is available only when AAA is selected for Resolving type

Enter the expected IPv6 address.

During a DNS operation, the NQA client compares the expected IPv6 address with the IPv6 address resolved by the DNS server. If they are the same, it considers the DNS server legal.

Outgoing interface

Enter the outgoing interface for probe packets.

URL

Enter the URL of the target resource, a case-sensitive string of 1 to 255 characters which cannot contain question marks (?).

Valid URL formats:

·     HTTP:

¡     http://host/resource.

¡     http://host:port/resource.

·     HTTPS:

¡     https://host/resource.

¡     https://host:port/resource.

The host parameter represents the host name of the server hosting the resource, which must meet the following requirements:

·     Case sensitive.

·     Valid characters are letters, digits, hyphens (-), underscores (_), and dots (.), but consecutive dots (.) are not allowed.

·     Must be a dot-separated series of labels. Each label can contain 1 to 63 characters.

Username

Enter the login username. The username is case sensitive.

Password

Enter the login password in encrypted form. The password is case sensitive.

Operation type

Select an operation type from the list. Options are:

·     Get—Gets data from the HTTP or HTTPS server.

·     Post—Transfers data to the HTTP or HTTPS server.

·     Raw—Sends the RAW request to the HTTP or HTTPS server.

Version

Select the version used in the HTTP or HTTPS operation. Options are:

·     V1.0.

·     V1.1.

SSL client policy

This item is available only for the HTTPS template.

Select an existing SSL client policy or select Create SSL client policy to create an SSL client policy for the HTTPS template. The created SSL client policy will be displayed on the Objects > SSL > SSL Client Policies page.

In the HTTPS operation, the NQA client uses the specified SSL client policy to establish an SSL connection to the server.

Expected status code

Enter a comma-separated list of status code items. Each item specifies a status code or a range of status codes in the form of status-num1-status-num2. The value ranges for both the status-num1 and status-num2 arguments are 0 to 999. The value for the status-num 2 argument must be equal to or greater than the value for the status-num 1 argument.

Example: 1-4, 6, 8-10.

Expected data offset

Enter the offset in bytes after which the first match operation for the expected response data starts.

Upon receiving a response packet, the NQA client searches the packet payload for the expected data.

·     If no offset is configured, the NQA client starts the first match operation from the beginning byte of the payload. If no match is found, it starts another match operation from the second byte of the payload. The process continues until a match is found or the last payload byte is tried.

·     If an offset is configured, the NQA client starts the first match operation after the specified offset bytes. If no match is found, it continues the match operation as if no offset was configured.

In whichever cases, the NQA client marks the NQA operation as successful if a match is found. If no match is found, it marks the NQA operation as failed.

Expected data

Enter the case-sensitive expected response data.

Destination IP address

Enter the destination IPv4 or IPv6 address for the probe packets.

Destination port number

Enter the destination port number for the probe packets.

Username

Enter the login username for the RADIUS operation. The username is case sensitive.

Password

Enter the login password in encrypted form The password is case sensitive.

Shared key

Enter the shared key in plaintext form. The shared key is case sensitive.

Destination IP address

Enter the destination IPv4 or IPv6 address for the probe packets.

Destination port number

Enter the destination port number for the probe packets.

SSL client policy

Select an existing SSL client policy or select Create SSL client policy to create an SSL client policy for the SSL template. The created SSL client policy will be displayed on the Objects > SSL > SSL Client Policies page.

In the SSL operation, the NQA client uses the specified SSL client policy to establish an SSL connection to the server.

Destination IP address

Enter the destination IPv4 or IPv6 address for the probe packets.

Next hop IP address

Enter the next hop IPv4 or IPv6 address for probe packets.

If the next hop address is not configured, the device searches the routing table to determine the next hop address for the probe packets.

Port detection

Enable port detection of the TCP half open template.

In the TCP half open operation, port detection probes whether the listening port of the TCP service on the destination device is available. If the NQA client receives the SYN-ACK packet from the destination device within the probe timeout time after sending a SYN packet, the TCP half open operation succeeds. If no SYN-ACK packet is received within the probe timeout time, the TCP half open operation fails.

Destination port number

Enter the destination port number for the probe packets.

Outgoing interface

Enter the outgoing interface for probe packets. For successful operation, the specified outgoing interface must be up.

Destination IP address

Enter the destination IPv4 or IPv6 address for the probe packets.

Destination port number

Enter the destination port number for the probe packets.

SNMP community

Enter the SNMP community name.

This item is required if the SNMP agent is configured with a community name.

Make sure the specified community name is the same as the community name configured on the SNMP agent.

SNMP version

Select the SNMP version used in the SNMP DCA operation.

For the SNMP DCA operation to work correctly, the selected SNMP version must match the version of the SNMP agent to be monitored.

Agent type

Select the type of the SNMP agent. Options are:

·     Net-SNMP.

·     Windows.

·     Customize.

The SNMP DCA operation monitors the performance of a device running an SNMP agent. It collects the CPU, memory, and disk usage from the SNMP agent and determines the device performance based on the collected object values and their associated thresholds and weights.

Different SNMP agent types use different OIDs for the CPU, memory, and disk usage objects. Make sure the SNMP agent type specified in the SNMP DCA template matches the type of the SNMP agent to be monitored.

For Net-SNMP or Windows SNMP agents, the NQA client has built-in OIDs to collect the CPU, memory, and disk usage objects. You can set the thresholds and weights for these objects. You can also add interested SNMP objects in the OID settings area.

For SNMP agents of the user-defined type, the NQA client does not have predefined SNMP objects to collect. You must configure the interested SNMP objects and their associated thresholds and weights.

CPU usage threshold

This item is available only when the Net-SNMP or Windows is selected for Agent type.

Enter the CPU usage threshold.

A threshold of 0 means that CPU usage is not used as a metric for measuring the SNMP agent performance.

CPU weight

This item is available only when the Net-SNMP or Windows is selected for Agent type.

Enter the weight of the CPU usage object.

A weight of 0 means that CPU usage is not used as a metric for measuring the SNMP agent performance.

Memory usage threshold

This item is available only when the Net-SNMP or Windows is selected for Agent type.

Enter the memory usage threshold.

A threshold of 0 means that memory usage is not used as a metric for measuring the SNMP agent performance.

Memory weight

This item is available only when the Net-SNMP or Windows is selected for Agent type.

Enter the weight of the memory usage object.

A weight of 0 means that memory usage is not used as a metric for measuring the SNMP agent performance.

Disk usage threshold

This item is available only when the Net-SNMP or Windows is selected for Agent type.

Enter the disk usage threshold. A threshold of 0 means that disk usage is not used as a metric for measuring the SNMP agent performance.

Disk weight

This item is available only when the Net-SNMP or Windows is selected for Agent type.

Enter the weight of the disk usage object.

A weight of 0 means that disk usage is not used as a metric for measuring the SNMP agent performance.

OID settings

To configure an SNMP object to monitor:

1.     Click Create in the OID settings area.

2.     In the Create OID window that opens, configure the following items:

¡     OID—Enter the OID of the SNMP object to monitor.

¡     OID usage threshold—Enter the threshold for the object. A threshold of 0 means that the object is not used as a metric for measuring the performance of the SNMP agent.

¡     OID weight—Enter the weight for the object. A weight of 0 means that the object is not used as a metric for measuring the performance of the SNMP agent.

3.     Click OK. The OID will be displayed on the OID list.

The OID configuration is required if the Customize agent type is used. You can add a maximum of eight OIDs.

Destination IP address

Enter the destination IPv4 or IPv6 address for the probe packets.

Destination port number

Enter the destination port number for the probe packets.

Username

Enter the login username. The username is case sensitive.

Shared key

Enter the shared key in plaintext form. The shared key is case sensitive.

VPN instance

Specify the VPN instance to which the operation applies.

You can select an existing VPN instance, Public network, or you can select Create VPN instance policy to create a VPN instance. The created VPN instance will be displayed on the Network > VPN page.

After you specify the VPN instance, the NQA operation tests the connectivity in the specified VPN instance.

TTL

Enter the maximum number of hops that the probe packets can traverse.

ToS

Enter the ToS value in the IP header of the probe packets.

Source IP address

Enter the source IPv4 or IPv6 address for the probe packets.

The source address must be the address of a local interface, and the interface must be up. Otherwise, no probe packets can be sent out.

Do not configure this item if the template is intended for use by a NAT address group.

Probe result frequency

Select the probe result sending basis. Options are:

·     Consecutive probes—Sends the probe result to the feature that uses the template after the specified number of consecutive failed or successful probes.

¡     Consecutive successful probes—Enter the number of consecutive successful probes that trigger probe result sending.

¡     Consecutive failed probes—Enter the number of consecutive failed probes that trigger probe result sending.

·     Per probe—Sends the probe result to the feature that uses the NQA template every time a probe is completed. This option is available only for ICMP and TCP half open templates.