This sounds like a configuration problem on the FortiGate, not a generic problem from checkmk.
Have you tested querying the FortiGate with others tools over SNMP such as snmpwalk from a Linux machine or the MIB Browser (Free MIB Browser / MIB Browser / SNMP Browser.) from Windows PC?
On the Forti, you have to:
enable SNMP on the interfaces (IPv4 and IPv6 indenpendently)
enable the SNMP agent
create a community name (as you did)
add a host with the IP address from the checkmk server within that community with the Query enabled
config system snmp community
edit 1
set name "YourCommunityString"
config hosts
edit 1
set ip 192.168.5.20 255.255.255.255
next
end
set query-v1-status disable
set trap-v1-status disable
set trap-v2c-status disable
next
end
thank you for the last response it solved my problem.
But now I would like to monitor our Fortimail but I get the default snmp error:
Starting job… SNMP scan failed: Cannot fetch system description OID .1.3.6.1.2.1.1.1.0. Please check your SNMP configuration. Possible reason might be: Wrong credentials, wrong SNMP version, Firewall rules, etc. Completed.
This is my snmp configuration I can’t understand why here it isn’t working…
Ping from the monitoring server to the fortimail is working (it’s the same configuration like on the fortigate where it works without problems)
Hey @Matthew1,
I’m sorry, but I have no experience with the FortiMail. The configuration snippet looks quite good to me. Just to be sure: the IPv4 address you garbled in the screenshot above is the one from the checkmk server, right?
Otherwise, the error output is a best practice:
Possible reason might be: Wrong credentials, wrong SNMP version, Firewall rules, etc.
@Matthew1 Where have you found this ‘Advanced Setting’ - we’Re facing the same issues with fortigate firewalls - we have one that is working fine with SNMP in CheckMK and three others the don’t. TI’m not the network device specialist, - but the one for CHeckMK and want to help the Network guys.
If you could lead me to the setting that helped you, that would be very nice.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.