FortiGate SNMP Monitoring not working

Hello,

We have two FortiGate FWs in other locations. The FortiGate devices were managed with the FortiManager, but I can also access them directly over IP address.

I have enabled SNMP on both firewalls, but I’m not able to monitor these devices with Checkmk.

EDIT: I already tried to configure the host with “SNMP v1” and “V2 or V3”.

Maybe someone has an idea?
Thanks in advance.

This sounds like a configuration problem on the FortiGate, not a generic problem with Checkmk.

Have you tested querying the FortiGate over SNMP with other tools, such as snmpwalk from a Linux machine or the MIB Browser (Free MIB Browser / MIB Browser / SNMP Browser) from a Windows PC?

On the Forti, you have to:

  • enable SNMP on the interfaces (IPv4 and IPv6 independently)
  • enable the SNMP agent
  • create a community name (as you did)
  • add a host with the IP address of the Checkmk server within that community, with Query enabled

On the FortiGate GUI itself it looks like this:

On the CLI it should be something like this:

config system snmp community
    edit 1
        set name "YourCommunityString"
        config hosts
            edit 1
                set ip 192.168.5.20 255.255.255.255
            next
        end
        set query-v1-status disable
        set trap-v1-status disable
        set trap-v2c-status disable
    next
end

Cheers,
Johannes

2 Likes

Hello Johannes,

Thank you for the last response, it solved my problem.
But now I would like to monitor our FortiMail, and I get the default SNMP error:

Starting job…
SNMP scan failed: Cannot fetch system description OID .1.3.6.1.2.1.1.1.0. Please check your SNMP configuration. Possible reason might be: Wrong credentials, wrong SNMP version, Firewall rules, etc.
Completed.

This is my SNMP configuration. I can’t understand why it isn’t working here…
Ping from the monitoring server to the FortiMail is working (it’s the same configuration as on the FortiGate, where it works without problems).

Maybe you have an idea?

Hey @Matthew1,
I’m sorry, but I have no experience with the FortiMail. The configuration snippet looks quite good to me. Just to be sure: the IPv4 address you garbled in the screenshot above is the one from the checkmk server, right?

Otherwise, the error output is a best practice:

Possible reason might be: Wrong credentials, wrong SNMP version, Firewall rules, etc.

Have you checked everything?

Yes, exactly, it is the IP of the monitoring server.
SNMP credentials are OK and the firewall rules too…

Thanks anyway! :wink:

Now I found the simple solution :see_no_evil:

In the interface I had to enable SNMP…

@Matthew1 Where did you find this ‘Advanced Setting’? We’re facing the same issues with FortiGate firewalls - we have one that is working fine with SNMP in Checkmk and three others that don’t. I’m not the network device specialist, but the one for Checkmk, and I want to help the network guys.

If you could lead me to the setting that helped you, that would be very nice.

Hello @aroseman,

Yes, it was the setting on the interface where I had to enable SNMP:

I hope it helps… :wink:

Thanks - I’ve informed our network guys and will let them check if they can find this setting.
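The error quoted in this thread comes from a failed fetch of sysDescr.0, and the same request can be sent by hand from the monitoring server to see whether the device answers at all. The sketch below is an added example (not posted by anyone in the thread and not Checkmk's code) that builds the SNMPv2c GET with only the Python standard library; the function names and result strings are this example's own.

```python
import socket

def tlv(tag, payload):
    n = len(payload)  # one length byte up to 127, two-byte long form above
    return bytes([tag]) + (bytes([n]) if n < 128 else b"\x82" + n.to_bytes(2, "big")) + payload

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    body = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while (arc := arc >> 7):  # base-128, high bit set on all but the last byte
            chunk.insert(0, (arc & 0x7F) | 0x80)
        body += chunk
    return tlv(0x06, bytes(body))

def build_get(community, oid="1.3.6.1.2.1.1.1.0"):  # sysDescr.0, the OID in the error
    one, zero = tlv(0x02, b"\x01"), tlv(0x02, b"\x00")
    varbinds = tlv(0x30, tlv(0x30, encode_oid(oid) + tlv(0x05, b"")))
    pdu = tlv(0xA0, one + zero + zero + varbinds)  # request-id 1, error-status, error-index
    return tlv(0x30, one + tlv(0x04, community.encode()) + pdu)  # version field 1 = v2c

def fields(buf):
    out, pos = [], 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits count the length bytes that follow
            n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def interpret(reply):  # raw response datagram, or None after a timeout
    if reply is None:
        return "no reply: check interface SNMP access, community host entry, community string, firewall"
    _, _, (_, pdu) = fields(fields(reply)[0][1])  # version, community, PDU
    _, (_, err), _, (_, varbinds) = fields(pdu)  # request-id, error-status, error-index
    _, (tag, value) = fields(fields(varbinds)[0][1])  # first varbind: OID, value
    if any(err) or tag != 0x04:
        return f"agent answered: error-status {int.from_bytes(err, 'big')}, value tag 0x{tag:02x}"
    return "sysDescr: " + value.decode(errors="replace")

def probe(host, community, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_get(community), (host, 161))
        try:
            return interpret(sock.recvfrom(4096)[0])
        except socket.timeout:
            return interpret(None)
```

Call `probe()` with the device address and the community string from the monitoring server itself. An SNMP v1/v2c agent stays silent for a wrong community or an unlisted source address, so a timeout does not separate those causes from SNMP being disabled on the interface.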
