Customers may require sending proxy protocol headers (to preserve client IP) while performing health monitoring for LDAP/LDAPS services. However, this functionality does not work as expected.
All
Proxy protocol is not supported for helper-based health monitors, including:
Proxy protocol support in AVI is currently limited to native health monitors only, such as:
Helper monitors (like LDAP/LDAPS) do not support proxy protocol because they use protocol-specific health check logic rather than raw connection-based checks.
Workaround:
Option 1: External Health Monitor (Proxy Protocol v1)
Use an external monitor script with curl to send proxy protocol v1 headers:
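#!/bin/bash
# IP and PORT are expected in the environment when the external monitor runs.
# --haproxy-protocol makes curl send a PROXY protocol v1 header before the LDAPS exchange.
# -k skips TLS certificate verification; -v writes verbose output to stderr.
if [[ $IP =~ : ]]; then
    # IPv6 literal: wrap the address in brackets inside the URL
    curl -v -k --haproxy-protocol "ldaps://[$IP]:$PORT"
else
    curl -v -k --haproxy-protocol "ldaps://$IP:$PORT"
fi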
Note: This supports only proxy protocol v1.
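To confirm on a test listener that the external monitor really sends a v1 header ahead of the LDAPS handshake, the first bytes of the connection can be parsed as below. This is an added example, not part of the original article or of Avi; the function name and the sample bytes are constructed for illustration, and the field layout follows the PROXY protocol v1 text format.

```python
import ipaddress

MAX_V1_LEN = 107  # spec limit for a v1 header line, CRLF included

# Constructed sample: a v1 header followed by the start of a TLS record.
SAMPLE = b"PROXY TCP4 192.0.2.10 198.51.100.20 40112 636\r\n\x16\x03\x01"


def parse_proxy_v1(data: bytes):
    """Parse a PROXY protocol v1 header from the first bytes of a connection.

    Returns (info, rest): info describes the header, rest is the payload
    that follows it (for LDAPS, the TLS ClientHello).
    Raises ValueError if the bytes do not start with a valid v1 header.
    """
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("no PROXY v1 header (none sent, or v2 binary header)")
    fields = data[:end].decode("ascii", "strict").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        # Sender could not describe the connection; addresses are not usable.
        return {"family": "UNKNOWN"}, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    version = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match " + fields[1])
    if not all(f.isdigit() for f in fields[4:6]):
        raise ValueError("port is not a decimal number")
    sport, dport = (int(f) for f in fields[4:6])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return {"family": fields[1], "src": str(src), "dst": str(dst),
            "sport": sport, "dport": dport}, rest


if __name__ == "__main__":
    info, rest = parse_proxy_v1(SAMPLE)
    print(info, "payload starts with", rest[:3].hex())
```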
Option 2: Allow health checks without proxy protocol.
The backend will see the SE data NIC IP instead of the actual client IP.