Last weekend we had an outage due to the backend for one VIP going down. All I could see in the logs was that there were no backends available, and in FortiGate I can see that 50% of the connections (the healthchecks) were refused.
So, on the left side you have a failed healthcheck and on the right side a good one.
Any idea why HAProxy could have started failing without any configuration change being applied? After a machine reboot it came back fine. It was also happening on the failover instance of HAProxy.
I realized that sni ssl_fc_sni was not configured in the backend, but I am surprised that we didn’t run into problems for many weeks and suddenly it happened.
Here is the backend config:
server web1 10.11.1.1:443 maxconn 8 check inter 5s fall 4 rise 3 ssl verify none