we have an issue with integration of Fortigate Firewalls inside CheckMK.
We are using CheckMK 1.6.0p9 Raw Edition.
So far, we have managed it to Integrate the Fortigate Manager into our CheckMK via SNMP v3.
Now we try to integrate the VDOMs into CheckMK. For each VDOM we created a new Host in CheckMK with SNMP v3.
Our IP-Network colleagues said, they configured SNMP on the Fortigate VDOMs and enabled the Port 161 on the Firewall, but in CheckMK we’re facing still the “Timeout: No response from Host” Issue with SNMP.
Does someone have a hint, what could be the Issue?
First test with such a problem is a “snmpwalk” from the command line of your monitoring host to the target system. If your target system is configured the same way as a working system then it also should work. For such firewall systems the problem is most times a firewall rule forbidden such traffic.
I faced similar problem with Fortinet configuration. I have a few hosts configured to use SNMP as a connection. I would like to use snmpv3 connection. If I set Authentication protocol: SHA-1 (SHA-96) and privacy protocol: AES-128 it is working, but if change the Authentication protocol to SHA-2 (SHA-512), fail with: Failed to initiate SNMP (Maybe name resolution issue).
The device on the other end is configured with the same Authentication and privacy protocol.
I did test it through the console but I could not find more details.
I face the same issue with Checkmk Enterprise 1.6.0p27 on RHEL 8.5 with all current updates at work. The combination of SNMPv3 with privacy protocol AES-128 and authentication protocol SHA-96 works. But when switching to SHA-224 or higher and start the diagnostics, the error “Failed to initiate SNMP (Maybe name resolution issue)” appears, and no SNMP packet is sent to the target host (verified with tcpdump). This is mysterious, because with a manual snmpwalk (with the binary provided by Checkmk), even the higher protocols (e.g. SHA-256) work normally.
At home, I use Checkmk Raw edition 2.0.0p15 on Debian 11. The issue does not appear here.
I did not manage to find solution. Due to that reason I am using the lowest protocol configuration of SNMPv3. Check_Mk is using built in module to process the SNMP traps and on Check_Mk 1.6 is the latest I think version 8. This built in module can be turned of through the GUI. The only solution is debug the code and try to find out the problem. I did comparison between check_mk version 1.6 and 2.0 and I could not find, but I did not dig for too long. Also I could not find solution or explanation in the forum or internet.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.