Configure TCP Health Check for Next Hop Proxy

The address of the next hop of which the health check is to be performed must be configured under TCP Health Check.

To view the Health Check option, go to Configuration > Cluster > Health Check.

Health Check Configuration Parameters

Option	Description
Server Address	Address of the server for which the health check is to be performed. Format: IP\|FQDN:Port Example: 1.2.3.4:9091, 1.test.com:9080, [2001:db8:a0b:12f0::1]:7890
Enabled	Enable health check.
Disabled-Healthy	Disable health check. The server is always considered healthy without performing health checks. Example: If the configured health check server address is used in Next Hop Proxy settings, then SWG will forward the live traffic to this server since it's healthy.
Disabled-Unhealthy	Disable health check. The server is always considered unhealthy. This option may be used for putting the server in maintenance mode. Example: If the configured health check server address is used in Next Hop Proxy settings, then SWG will not forward live traffic to this server as its unhealthy.
Healthy Interval	Time Interval (In seconds) between health checks for a healthy server. Range: 1-99999 seconds Default Value: 10
Number of Healthy Retries	The Number of consecutive times the TCP connection must be successful for considering the server as healthy. Retries are done to ensure that the connection is not fluctuating. Range: 0-5 Default Value: 3
Unhealthy Interval	Time Interval (In seconds) between health checks for an unhealthy server. Range: 1-99999 seconds Default Value: 10
Number of unhealthy retries	A Number of consecutive times TCP connection must fail for considering the server as Unhealthy. Retries are done to ensure that the connection is not fluctuating. Range: 0-5 Default Value: 1
Number of worker threads	Specifies the number of threads used for doing TCP connection for the health check servers. Range: 1-30 Default Value: 5

A new checkbox is added in Next Hop Proxy List Synchronize this Host and Port to health check config for TCP health checks, when enabled, the host and port value is automatically pushed to Configuration > Cluster > Health Check in form Host:Port
- We can manually override the default health check settings e.g. disabling health checks, changing the frequency of health checks, etc.

Important: The auto-sync checkbox feature will be available in the upcoming release cycle.

One must configure the entries manually in Configuration > Cluster > Health Check.

Example Illustrating Healthy/Unhealthy Retries

Assume IP1:Port1 is configured in Configuration > Cluster > Health Check.

Number of healthy retries: 3.

Number of unhealthy retries: 3.

Case 1:

TCP 3-way handshake with IP1:Port1 is successful.
Retry the TCP connection for ‘Number of healthy retries’ times. If it is successful for all retries (In this example for i=1, 2 and 3), this server is considered healthy.

Case 2:

TCP 3-way handshake with IP1:Port1 fails.
Retry the TCP connection for ‘Number of unhealthy retries’ times. If it is failed for all retries (In this example for i=1, 2 and 3), this server is considered unhealthy.

Case 3:

TCP 3-way handshake with IP1:Port1 is successful.
Retry the TCP connection for ‘Number of healthy retries’ times.
- For i=1, the TCP connection is successful.
- For the next retry, i=2, the TCP connection fails. Retry the TCP connection for ‘Number of unhealthy retries’ times.
  - For i = 1, the TCP connection fails
  - For the next retry i.e. i=2, the TCP connection is a success. The Expectation is to fail. So, SWG marks this server as Unhealthy with the reason ‘Connection Unstable’