Novell ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010 Manual page 137

L4 switches require you to use the IP address rather than the DNS name. If the IP address of the SSL
VPN Server is 10.10.16.50, and you have configured it for HTTPS, the heartbeat URL is:
https://10.10.16.50:8443/sslvpn/heartbeat
You must configure the L4 switch to use this heartbeat to perform a health check. If you have
configured SSL on the SSL VPN servers and your L4 switch has the ability to do an SSL L7 health
check, you can use HTTPS. The SSL L7 health check returns a value of 200 OK, indicating
everything is healthy. Any other status code indicates an unhealthy state.
For a Foundry* switch, the L7 health check script string should look similar to the following when
the hostname is sslvpn1 and the IP address is 10.10.16.50:
healthck sslvpn1ssl tcp
dest-ip 10.10.16.50
port ssl
protocol ssl
protocol ssl url "GET /sslvpn/heartbeat HTTP/1.1\r\nHost: st160.lab.tst"
protocol ssl status-code 200 200
l7-check
If your switch does not support an SSL L7 health check, the HTTPS URL returns an error, usually a
404 error. Because the SSL VPN Server heartbeat URL listens on both HTTPS and HTTP, you can use an
HTTP URL for switches that do not support the SSL L7 health check. For example:
http://10.10.16.50:8080/sslvpn/heartbeat
An Alteon switch does not support the L7 health check, so the string for the health check should
look similar to the following:
open 8080,tcp
send GET /sslvpn/heartbeat HTTP/1.1\r\nHOST:heartbeat.lab.tst \r\n\r\n
expect HTTP/1.1 200
close
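The health check described above can be reproduced from an administrator workstation before the switch is configured. The following is an added example, not code from the Novell guide: the function names and the local stub server are assumptions made for illustration, while the heartbeat path and the Host header value heartbeat.lab.tst come from the guide.

```python
import http.client
import http.server
import ssl
import threading

HEARTBEAT_PATH = "/sslvpn/heartbeat"  # heartbeat path given in the guide

def probe(host, port, host_header, use_tls=False, context=None, timeout=3.0):
    """Send the GET a switch health check sends; return the status code or None."""
    if use_tls:
        # The default context verifies the certificate. Connecting by IP address
        # only passes if the certificate lists that IP as a subjectAltName.
        context = context or ssl.create_default_context()
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=context)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.putrequest("GET", HEARTBEAT_PATH, skip_host=True)
        conn.putheader("Host", host_header)
        conn.endheaders()
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None  # refused, timed out or TLS failure: no status at all
    finally:
        conn.close()

def is_healthy(status):
    """Only 200 counts as healthy; any other code, or no response, does not."""
    return status == 200

def start_stub(status):
    """Constructed local stand-in for the SSL VPN server, for offline runs."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):
            pass  # keep the demonstration quiet

    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    stub = start_stub(200)
    code = probe("127.0.0.1", stub.server_port, "heartbeat.lab.tst")
    print(code, "healthy" if is_healthy(code) else "unhealthy")
    stub.shutdown()
```

Against a real server, call probe with the server IP address and port 8080, or port 8443 with use_tls=True.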
