Cloudflare Docs
Magic WAN
Visit Magic WAN on GitHub
Set theme to dark (⇧+D)

Configure tunnel health checks

By default, to check for tunnel health Cloudflare will send health checks consisting of ICMP (Internet Control Message Protocol) reply packets. These reply packets originate from an IP address within the prefix range and have another public Cloudflare IP as their destination address.

Cloudflare encapsulates the ICMP reply packet and sends the probe across the tunnel to the origin. When the probe reaches the origin router, the router decapsulates the ICMP reply and forwards it to the specified destination IP. The probe is successful when Cloudflare receives the reply.

For ICMP request-style health checks, you need to assign the target IP to a device in your network that can respond to the health check requests.

​​ Update health check frequency

By default, Cloudflare servers send health checks to each GRE, CNI, or IPsec tunnel endpoint you configure to receive traffic from Magic Transit and Magic WAN. You can configure this frequency via the API to suit your use case. For example, if you are connecting a lower-traffic site for which you do not need immediate failover and would rather receive a lower volume of health check traffic, you should set the frequency to low. On the other hand, if you are connecting a site that is extremely sensitive to any issues, and you want a more proactive failover at the earliest sign of a potential problem, you should set this to high.

Available options are low, mid, and high.

Here is an example of how you would adjust health check frequency to low. Note that this command applies to GRE, IPsec and CNI tunnels:

curl --request PUT \
--url<account_identifier>/magic/gre_tunnels/<tunnel_identifier> \
--header 'Content-Type: application/json' \
--header 'X-Auth-Email: <YOUR_EMAIL> ' \
--data'{"health_check": {"rate":"low"}}'

Refer to the API documentation for more information on how to update a GRE, IPsec or CNI tunnel.