Fortigate Special Agent

Thanks a lot for the feedback bitwiz,
Very helpful. Due to lack of time I was not able to continue here.
I will take some time to continue working on it soon.
BR

1 Like

Hello,

I am pleased to inform you that we have made a bugfix version of the Special Agent available. See: checkmk_fortigate/checkmk_fortios-2.3.0_v1.2.0.mkp at main · WagnerAG/checkmk_fortigate · GitHub

Many thanks to everyone who worked on it and gave us feedback. From our point of view, the plugin should now work better with Fortigate version 7.4.x.

Happy monitoring.

Regards,
Simon

2 Likes

Hello Simon,

I can confirm this release works far better.

At the moment the only (and newly introduced) issue that confuses me is that all of my interfaces are CRIT now, apparently due to “parent: None”? Why does the parent influence the state of the interface check?

EDIT: oh, the CRIT marker is just placed at the wrong position. Every DOWN interface is CRIT, but the visual marker is placed at the very end. Should be fixed once all result components are yielded one by one, Checkmk should then take care to place the marker.

Hello bitwiz,

Thank you for your forum post and your contribution.
We have found the problem, it will be fixed soon.

Best regards,
Simon

1 Like

Hello Simon,

3 other issues I noticed (on one firewall each, all 7.4.8)

  1. fortios_dhcp_scope crash in discovery (parse function):
  File "/omd/sites/site/local/lib/python3/cmk/base/plugins/agent_based/fortios_dhcp_scope.py", line 154, in parse_fortios_dhcp_scope
    return {str(ipaddress.IPv4Network(f"{item['default_gateway']}/{item['netmask']}", strict=False)): DhcpServer(**item) for item in forti_dhcp_scope}
                                                                                                      ^^^^^^^^^^^^^^^^^^
  File "/omd/sites/site/lib/python3.12/site-packages/pydantic/main.py", line 211, in __init__
    validated_self = self.__pydantic_validator__.validate_python(data, self_instance=self)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pydantic_core._pydantic_core.ValidationError: 1 validation error for DhcpServer
options.0
  Input should be a valid string [type=string_type, input_value={'code': 43, 'id': 1, 'ip...able', 'vci_string': []}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/string_type

Relevant agent section:

<<<fortios_dhcp_scope:sep(0)>>>
{"action": "", "build": 2795, "http_method": "GET", "http_status": 200, "limit_reached": false, "matched_count": 3, "name": "server", "next_idx": 2, "path": "system.dhcp", "results": [{"auto-configuration": "enable", "auto-managed-status": "enable", "conflicted-ip-timeout": 1800, "ddns-auth": "disable", "ddns-key": "ENC -1VYy2ZN+Jt/T1W1U1qFxBBCqqQCs=", "ddns-keyname": "", "ddns-server-ip": "0.0.0.0", "ddns-ttl": 300, "ddns-update": "disable", "ddns-update-override": "disable", "ddns-zone": "", "default-gateway": "10.255.1.1", "dhcp-settings-from-fortiipam": "disable", "dns-server1": "0.0.0.0", "dns-server2": "0.0.0.0", "dns-server3": "0.0.0.0", "dns-server4": "0.0.0.0", "dns-service": "specify", "domain": "", "exclude-range": [], "filename": "", "forticlient-on-net-status": "enable", "id": 2, "interface": "fortilink", "ip-mode": "range", "ip-range": [{"end-ip": "10.255.1.254", "id": 1, "lease-time": 0, "q_origin_key": 1, "start-ip": "10.255.1.2", "uci-match": "disable", "uci-string": [], "vci-match": "disable", "vci-string": []}], "ipsec-lease-hold": 60, "lease-time": 604800, "mac-acl-default-action": "assign", "netmask": "255.255.255.0", "next-server": "0.0.0.0", "ntp-server1": "0.0.0.0", "ntp-server2": "0.0.0.0", "ntp-server3": "0.0.0.0", "ntp-service": "local", "options": [], "q_origin_key": 2, "relay-agent": "0.0.0.0", "reserved-address": [], "server-type": "regular", "shared-subnet": "disable", "status": "enable", "tftp-server": [], "timezone": "", "timezone-option": "disable", "vci-match": "enable", "vci-string": [{"q_origin_key": "FortiSwitch", "vci-string": "FortiSwitch"}, {"q_origin_key": "FortiExtender", "vci-string": "FortiExtender"}], "wifi-ac-service": "specify", "wifi-ac1": "0.0.0.0", "wifi-ac2": "0.0.0.0", "wifi-ac3": "0.0.0.0", "wins-server1": "0.0.0.0", "wins-server2": "0.0.0.0"}, {"auto-configuration": "enable", "auto-managed-status": "enable", "conflicted-ip-timeout": 1800, "ddns-auth": "disable", "ddns-key": "ENC -1/+GKn79h2wsrWFTAkWUk0ggAhZg=", 
"ddns-keyname": "", "ddns-server-ip": "0.0.0.0", "ddns-ttl": 300, "ddns-update": "disable", "ddns-update-override": "disable", "ddns-zone": "", "default-gateway": "192.168.43.41", "dhcp-settings-from-fortiipam": "disable", "dns-server1": "0.0.0.0", "dns-server2": "0.0.0.0", "dns-server3": "0.0.0.0", "dns-server4": "0.0.0.0", "dns-service": "default", "domain": "", "exclude-range": [], "filename": "", "forticlient-on-net-status": "enable", "id": 3, "interface": "a", "ip-mode": "range", "ip-range": [{"end-ip": "192.168.43.42", "id": 1, "lease-time": 0, "q_origin_key": 1, "start-ip": "192.168.43.42", "uci-match": "disable", "uci-string": [], "vci-match": "disable", "vci-string": []}], "ipsec-lease-hold": 60, "lease-time": 604800, "mac-acl-default-action": "assign", "netmask": "255.255.255.252", "next-server": "0.0.0.0", "ntp-server1": "0.0.0.0", "ntp-server2": "0.0.0.0", "ntp-server3": "0.0.0.0", "ntp-service": "specify", "options": [{"code": 43, "id": 1, "ip": "", "q_origin_key": 1, "type": "string", "uci-match": "disable", "uci-string": [], "value": "antenna&apn=internet.telekom&pin=1234", "vci-match": "disable", "vci-string": []}], "q_origin_key": 3, "relay-agent": "0.0.0.0", "reserved-address": [], "server-type": "regular", "shared-subnet": "disable", "status": "enable", "tftp-server": [], "timezone": "", "timezone-option": "disable", "vci-match": "disable", "vci-string": [], "wifi-ac-service": "specify", "wifi-ac1": "0.0.0.0", "wifi-ac2": "0.0.0.0", "wifi-ac3": "0.0.0.0", "wins-server1": "0.0.0.0", "wins-server2": "0.0.0.0"}, {"auto-configuration": "enable", "auto-managed-status": "enable", "conflicted-ip-timeout": 1800, "ddns-auth": "disable", "ddns-key": "ENC -1DaHL+JcS4q5hdV0qyb+sLZXnAik=", "ddns-keyname": "", "ddns-server-ip": "0.0.0.0", "ddns-ttl": 300, "ddns-update": "disable", "ddns-update-override": "disable", "ddns-zone": "", "default-gateway": "192.168.20.9", "dhcp-settings-from-fortiipam": "disable", "dns-server1": "8.8.8.8", "dns-server2": "8.8.4.4", 
"dns-server3": "0.0.0.0", "dns-server4": "0.0.0.0", "dns-service": "specify", "domain": "", "exclude-range": [], "filename": "", "forticlient-on-net-status": "enable", "id": 4, "interface": "vlan20", "ip-mode": "range", "ip-range": [{"end-ip": "192.168.20.250", "id": 1, "lease-time": 0, "q_origin_key": 1, "start-ip": "192.168.20.20", "uci-match": "disable", "uci-string": [], "vci-match": "disable", "vci-string": []}], "ipsec-lease-hold": 60, "lease-time": 28800, "mac-acl-default-action": "assign", "netmask": "255.255.255.0", "next-server": "0.0.0.0", "ntp-server1": "0.0.0.0", "ntp-server2": "0.0.0.0", "ntp-server3": "0.0.0.0", "ntp-service": "specify", "options": [], "q_origin_key": 4, "relay-agent": "0.0.0.0", "reserved-address": [], "server-type": "regular", "shared-subnet": "disable", "status": "enable", "tftp-server": [], "timezone": "", "timezone-option": "disable", "vci-match": "disable", "vci-string": [], "wifi-ac-service": "specify", "wifi-ac1": "0.0.0.0", "wifi-ac2": "0.0.0.0", "wifi-ac3": "0.0.0.0", "wins-server1": "0.0.0.0", "wins-server2": "0.0.0.0"}], "revision": "e732284abd114124bb16c5978173401e", "serial": "FGT40FTK24011223", "size": 3, "status": "success", "vdom": "root", "version": "v7.4.8"}
  2. fortios_ntp crash in check function:
  File "/omd/sites/site/lib/python3.12/site-packages/cmk/agent_based/v1/_check_levels.py", line 134, in check_levels
    info_text = str(render_func(value))  # forgive wrong output type
                    ^^^^^^^^^^^^^^^^^^
  File "/omd/sites/site/local/lib/python3/cmk/base/plugins/agent_based/fortios_ntp.py", line 111, in <lambda>
    render_func=lambda d: str(int(d)),
                              ^^^^^^
TypeError: int() argument must be a string, a bytes-like object or a real number, not 'NoneType'

Relevant agent section:

{"action": "status", "build": 2795, "http_method": "GET", "name": "ntp", "path": "system", "results": [{"expires": 411, "ip": "208.91.112.62", "reachable": false, "server": "ntp2.fortiguard.com"}, {"expires": 1028, "ip": "208.91.112.61", "reachable": false, "server": "ntp1.fortiguard.com"}, {"expires": 189, "ip": "208.91.112.60", "reachable": false, "server": "ntp2.fortiguard.com"}, {"expires": 1069, "ip": "208.91.112.63", "reachable": false, "server": "ntp1.fortiguard.com"}], "serial": "FGT71FTK12345678", "status": "success", "vdom": "root", "version": "v7.4.8"}
  3. fortios_license crash in discovery function:
    Note: this FGT40F does not have any valid active license anymore, all of them should be expired (the Hardware one, the last one to go, should’ve expired a few months ago)
  File "/omd/sites/site/local/lib/python3/cmk/base/plugins/agent_based/fortios_license.py", line 232, in parse_fortios_license
    license_modules = LicenseStatus(**json_data)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/omd/sites/site/lib/python3.12/site-packages/pydantic/main.py", line 211, in __init__
    validated_self = self.__pydantic_validator__.validate_python(data, self_instance=self)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pydantic_core._pydantic_core.ValidationError: 1 validation error for LicenseStatus
results.support.enhanced
  Field required [type=missing, input_value={}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/missing

Relevant agent section:

<<<fortios_license:sep(0)>>>
{"build": 2795, "http_method": "GET", "name": "status", "path": "license", "results": {"ai_malware_detection": {"entitlement": "AVDB", "expires": 1723248000, "last_update": 978303600, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "0.00000"}, "antispam": {"entitlement": "SPAM", "status": "no_license", "type": "live_fortiguard_service"}, "antivirus": {"db_status": "db_type_extended", "engine": {"last_update": 1743195480, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "version": "7.00041"}, "entitlement": "AVDB", "expires": 1723248000, "last_update": 1523293620, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "1.00000"}, "appctrl": {"entitlement": "FMWR", "expires": 1724371200, "last_update": 1724203845, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_sched", "last_update_result_status": "update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "6.00741"}, "blacklisted_certificates": {"entitlement": "FURL", "last_update": 978303600, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "no_license", "type": "downloaded_fds_object", "version": "0.00000"}, "botnet_domain": {"entitlement": "AVDB", "expires": 1723248000, "last_update": 978303600, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "0.00000"}, 
"botnet_ip": {"last_update": 1724235900, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "licensed", "type": "downloaded_fds_object", "version": "7.03821"}, "data_leak_prevention": {"entitlement": "DLDB", "last_update": 978303600, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "no_license", "type": "downloaded_fds_object", "version": "0.00000"}, "device_os_id": {"entitlement": "FMWR", "expires": 1724371200, "last_update": 1723685445, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_sched", "last_update_result_status": "update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "1.00167"}, "firmware_updates": {"entitlement": "FMWR", "expires": 1724371200, "status": "expired", "type": "live_fortiguard_service"}, "fortianalyzer_cloud": {"entitlement": "FAZC", "status": "no_license", "type": "live_cloud_service"}, "fortianalyzer_cloud_premium": {"entitlement": "AFAC", "status": "no_license", "type": "live_cloud_service"}, "forticare": {"account": "mail@example.invalid", "company": " Contoso Corp", "industry": "", "registration_status": "registered", "registration_supported": true, "status": "registered", "support": {}, "type": "cloud_service_status"}, "forticloud": {"account": "mail@example.invalid", "domain": "EUROPE", "multitenancy": false, "status": "cloud_logged_in", "type": "cloud_service_status"}, "forticloud_logging": {"log_retention_days": 7, "max_bytes": 524288000000000, "status": "free_license", "type": "live_cloud_service", "used_bytes": 4282384384}, "forticloud_sandbox": {"entitlement": "AVDB", "expires": 1723248000, "files_uploaded_daily": 0, "max_files_daily": 100, "status": "free_license", "type": "live_cloud_service"}, "forticonverter": {"entitlement": "FCSS", 
"status": "no_license", "type": "live_cloud_service"}, "fortiems_cloud": {"entitlement": "FCEM", "status": "no_license", "type": "account_level_live_cloud_service"}, "fortiguard": {"connected": true, "connection_issue": false, "fortigate_wan_ip": "1.2.3.4", "has_connected": true, "last_connection_success": 1754350144, "next_scheduled_update": 1754436540, "scheduled_updates_enabled": true, "server_address": "149.5.232.66:443", "supported": true, "type": "cloud_service_status", "update_server_usa": false}, "fortiguard_ai_based_sandbox": {"entitlement": "FAIS", "status": "no_license", "type": "live_cloud_service"}, "fortimanager_cloud": {"deprecated": true, "entitlement": "FMGC", "status": "no_license", "type": "live_cloud_service"}, "fortimanager_cloud_alci": {"entitlement": "FMGC", "status": "no_license", "type": "account_level_live_cloud_service"}, "fortisandbox_cloud": {"entitlement": "FSAC", "status": "no_license", "type": "live_cloud_service"}, "fortisandbox_cloud_alci": {"entitlement": "FSAP", "status": "no_license", "type": "account_level_live_cloud_service"}, "fortisase_lan_extension": {"entitlement": "FSFG", "status": "no_license", "type": "live_cloud_service"}, "fortisase_private_access": {"entitlement": "FSPA", "status": "no_license", "type": "live_cloud_service"}, "icdb": {"entitlement": "FMWR", "expires": 1724371200, "last_update": 1723685445, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_sched", "last_update_result_status": "update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "1.00045"}, "industrial_db": {"entitlement": "ISSS", "last_update": 1448933400, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "no_license", "type": "downloaded_fds_object", "version": "6.00741"}, "inline_casb": {"entitlement": "FMWR", "expires": 1724371200, "last_update": 1719438480, 
"last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "1.00006"}, "internet_service_db": {"last_update": 1724235900, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "licensed", "type": "downloaded_fds_object", "version": "7.03821"}, "iot_detection": {"definitions": {"entitlement": "IOTH", "last_update": 1660753860, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "no_license", "type": "downloaded_fds_object", "version": "0.00000"}, "entitlement": "IOTH", "status": "no_license", "type": "live_fortiguard_service"}, "ips": {"db_status": "db_type_extended", "engine": {"last_update": 1746457800, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "version": "7.00570"}, "entitlement": "NIDS", "expires": 1723248000, "last_update": 978303600, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "0.00000"}, "local_in_virtual_patching": {"entitlement": "FMWR", "expires": 1724371200, "last_update": 1723685445, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_sched", "last_update_result_status": "update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "0.00000"}, "malicious_urls": {"entitlement": "NIDS", "expires": 1723248000, "last_update": 1724290235, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_sched", "last_update_result_status": 
"update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "1.00001"}, "mobile_malware": {"entitlement": "AVDB", "expires": 1723248000, "last_update": 978303600, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "0.00000"}, "ot_detection": {"detect_definitions": {"entitlement": "ISSS", "last_update": 978303600, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "no_license", "type": "downloaded_fds_object", "version": "0.00000"}, "patch_definitions": {"entitlement": "ISSS", "last_update": 978303600, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "no_license", "type": "downloaded_fds_object", "version": "0.00000"}}, "outbreak_prevention": {"entitlement": "ZHVO", "status": "no_license", "type": "live_fortiguard_service"}, "outbreak_security_rating": {"entitlement": "FMWR", "expires": 1724371200, "last_update": 978303600, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "0.00000"}, "psirt_security_rating": {"entitlement": "FMWR", "expires": 1724371200, "last_update": 978303600, "last_update_attempt": 1754350144, "last_update_method_status": "update_method_manual", "last_update_result_status": "update_result_not_authorized", "status": "expired", "type": "downloaded_fds_object", "version": "0.00000"}, "sdwan_network_monitor": {"entitlement": "SWNM", "status": "no_license", "type": "live_fortiguard_service"}, "sdwan_overlay_aas": {"entitlement": "SWOS", "status": "no_license", "type": 
"live_cloud_service"}, "security_rating": {"entitlement": "FGSA", "status": "no_license", "type": "functionality_enabling"}, "sms": {"max": 0, "status": "no_license", "type": "other", "used": 0}, "timezone_database": {"last_update": 0, "status": "licensed", "type": "downloaded_fds_object", "version": "1.00000"}, "vdom": {"can_upgrade": false, "max": 10, "type": "platform", "used": 1}, "web_filtering": {"category_list_version": 10, "entitlement": "FURL", "running": true, "status": "no_license", "type": "live_fortiguard_service"}}, "serial": "FGT40FTK23098765", "status": "success", "vdom": "root", "version": "v7.4.8"}

That’s all from me, good work otherwise. I can finally see the correct number of DHCP leases and the check even alerted me on 2 IP address conflicts.

Thanks,

Patrick

EDIT: for the interface check it should work identically to all other interface checks in Checkmk: store the interface state and speed (as found during first discovery) as expected state and only alert on change. DOWN ports are business as usual on any firewall as hardly anybody is going to fill the specific amount of ports available exactly.
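
The three crashes reported above share one cause: the parser assumes a stricter shape than FortiOS 7.4.8 returns. The following is an added example, not code from the plugin or from any poster in this thread, showing tolerant parsing of those shapes with the standard library only. The sample payloads are constructed and trimmed from the quoted sections, the function and class names are hypothetical, and placing `enhanced` inside `forticare.support` is an assumption based on the only `support` key in the quoted payload.

```python
import ipaddress
import json
from dataclasses import dataclass
from typing import Optional

# Constructed samples, trimmed to the fields that matter in the quoted sections.
DHCP_RAW = json.dumps({"results": [
    {"id": 3, "interface": "a", "default-gateway": "192.168.43.41",
     "netmask": "255.255.255.252",
     "options": [{"code": 43, "id": 1, "type": "string", "value": "example-value"}]},
    {"id": 4, "interface": "vlan20", "default-gateway": "192.168.20.9",
     "netmask": "255.255.255.0", "options": []},
]})
NTP_RAW = json.dumps({"results": [
    {"expires": 411, "ip": "208.91.112.62", "reachable": False,
     "server": "ntp2.fortiguard.com"},
    {"expires": 1028, "ip": "208.91.112.61", "reachable": False,
     "server": "ntp1.fortiguard.com"},
]})
LICENSE_RAW = json.dumps(
    {"results": {"forticare": {"status": "registered", "support": {}}}})


@dataclass(frozen=True)
class DhcpOption:
    code: int
    type: str
    value: str


@dataclass(frozen=True)
class DhcpScope:
    server_id: int
    interface: str
    options: tuple


def parse_dhcp_scopes(raw: str) -> dict:
    """Map network CIDR -> DhcpScope; 'options' entries are objects, not strings."""
    scopes = {}
    for item in json.loads(raw).get("results") or []:
        net = ipaddress.IPv4Network(
            f"{item['default-gateway']}/{item['netmask']}", strict=False)
        options = tuple(
            DhcpOption(int(o["code"]), str(o.get("type", "")), str(o.get("value", "")))
            for o in item.get("options") or []
            if isinstance(o, dict) and "code" in o)
        scopes[str(net)] = DhcpScope(
            int(item["id"]), str(item.get("interface", "")), options)
    return scopes


def render_count(value: Optional[float]) -> str:
    """Render function that tolerates a missing metric instead of int(None)."""
    return "n/a" if value is None else str(int(value))


def ntp_summary(raw: str) -> tuple:
    """Return (reachable, total) for the servers listed in the ntp status."""
    results = json.loads(raw).get("results") or []
    return sum(1 for r in results if r.get("reachable") is True), len(results)


def enhanced_support(raw: str) -> Optional[dict]:
    """Return the 'enhanced' support entry, or None when 'support' is empty."""
    forticare = (json.loads(raw).get("results") or {}).get("forticare") or {}
    support = forticare.get("support")
    entry = support.get("enhanced") if isinstance(support, dict) else None
    return entry if isinstance(entry, dict) else None
```

A check function built on these can report "no reachable NTP server" or "no support contract" as a service state instead of raising during parsing or discovery.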

Hello Patrick

Thank you very much for your feedback and also for the outputs – that really helps!
We will check the errors and hopefully have them resolved in the first release for CheckMK 2.4.

At the moment, we are working on the plugin migration.
If there are any updates from our side, we will definitely share them here in the forum.

Best regards
Roland

Hello,

Good news – we’ve completed the first version of the special agent with CheckMK 2.4 support.
Please check the release notes.

.mkp download

Many thanks to everyone who contributed and provided feedback.

Regards,
Roland

2 Likes

Thank you, I’ve rolled out the new MKP and can report that it does not introduce new issues.

The only false alerts at the moment have been there before:

  1. discovery crash in fortios_dhcp_scope.py line 155, discovery_fortios_dhcp_scope
TypeError ('NoneType' object is not iterable)

for input:

{'section_fortios_dhcp_lease': {'16:3b:3c:a9:90:83': DhcpLease(ip='192.168.20.22', mac='16:3b:3c:a9:90:83', status='leased', server_mkey=4),
                                '70:08:94:5c:36:c3': DhcpLease(ip='192.168.20.23', mac='70:08:94:5c:36:c3', status='leased', server_mkey=4),
                                '86:4a:d9:53:39:31': DhcpLease(ip='192.168.20.20', mac='86:4a:d9:53:39:31', status='leased', server_mkey=4),
                                'be:53:f1:08:a1:11': DhcpLease(ip='192.168.20.21', mac='be:53:f1:08:a1:11', status='leased', server_mkey=4)},
 'section_fortios_dhcp_scope': None}

and

  2. NTP time check always CRIT on secondary FGTs (in HA failover pair)
    Not an issue of the plugin itself, would need to be extended and expose a new WATO setting to ignore time drift on secondary firewalls.
    For some reason secondary FGT always shows the NTP Time to be 2-4 seconds off (apparently the state transfer from active to standby unit takes that long?)

Not really an issue for us that would need to be fixed by the plugin devs, we simply add a rule that completely removes the NTP check for secondary firewalls as the output does not indicate any legitimate issue.

Hey bitwiz,

Once again – thank you very much for your feedback.

NTP Check:
We are aware that the check on the passive node in a cluster always shows as CRIT. We had already opened a case with Fortinet to investigate this behavior.
According to Fortinet, the passive node does not perform any NTP queries.
There is an official knowledge base article regarding this:
Fortinet KB – NTP status on secondary unit in FGCP HA cluster
As you mentioned, the best solution at the moment is to create a rule to exclude this check.

DHCP Scope:
The root cause of the error is clear (NoneType).
What’s unclear to us is how DHCP leases can be present without a DHCP scope (does the Fortigate return DHCP scopes when querying the endpoint https://ip:port/api/v2/cmdb/system.dhcp/server?access_token=theToken ?).
Is there perhaps a special configuration in place on your FortiGate?
We’re using this check across many different devices, and this issue has not occurred in our environment so far.

DHCP Scope:

at least it looks completely normal in config:

config system dhcp server
    edit 2
        set ntp-service local
        set default-gateway 10.255.1.1
        set netmask 255.255.255.0
        set interface "fortilink"
        config ip-range
            edit 1
                set start-ip 10.255.1.2
                set end-ip 10.255.1.254
            next
        end
        set vci-match enable
        set vci-string "FortiSwitch" "FortiExtender"
    next
    edit 3
        set dns-service default
        set default-gateway 192.168.43.41
        set netmask 255.255.255.252
        set interface "a"
        config ip-range
            edit 1
                set start-ip 192.168.43.42
                set end-ip 192.168.43.42
            next
        end
        config options
            edit 1
                set code 43
                set type string
                set value "antenna&apn=internet.mobile&pin=6289"
            next
        end
    next
    edit 4
        set lease-time 28800
        set default-gateway 192.168.20.9
        set netmask 255.255.255.0
        set interface "vlan20"
        config ip-range
            edit 1
                set start-ip 192.168.20.20
                set end-ip 192.168.20.250
            next
        end
        set dns-server1 8.8.8.8
        set dns-server2 8.8.4.4
    next
end

As you can see at the end of the DHCP lease API output they always reference server_mkey=4, and indeed DHCP server #4 is the correct DHCP server config 192.168.20.x, and there is in fact a range 192.168.20.20-192.168.20.250 configured there (and as there are leases it seems to work correctly).

As this is only one device (no other) I’m probably going to open a Fortinet ticket for that as it seems like an API bug indeed.
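
The case discussed above, a lease section arriving while the scope section is `None`, can be handled without a crash by falling back to the `server_mkey` each lease carries. This is an added example, not the plugin's code or any poster's: the `DhcpLease` fields follow the crash input printed in the thread, while `leases_per_item`, the `scopes` mapping shape and the `server <mkey>` item name are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DhcpLease:  # fields as printed in the crash input quoted in the thread
    ip: str
    mac: str
    status: str
    server_mkey: int


# Sample data built from values quoted in the thread.
LEASES = {
    "16:3b:3c:a9:90:83": DhcpLease("192.168.20.22", "16:3b:3c:a9:90:83", "leased", 4),
    "70:08:94:5c:36:c3": DhcpLease("192.168.20.23", "70:08:94:5c:36:c3", "leased", 4),
    "86:4a:d9:53:39:31": DhcpLease("192.168.20.20", "86:4a:d9:53:39:31", "leased", 4),
    "be:53:f1:08:a1:11": DhcpLease("192.168.20.21", "be:53:f1:08:a1:11", "leased", 4),
}
# Hypothetical scope section shape: network CIDR -> DHCP server id.
SCOPES = {"192.168.20.0/24": 4, "192.168.43.40/30": 3}


def leases_per_item(leases: Optional[dict], scopes: Optional[dict]) -> dict:
    """Count leased addresses per service item.

    With a scope section the items are the configured networks (empty ones
    included). Without one, leases are grouped under 'server <mkey>' so the
    data is still monitored and the missing scope section stays visible.
    """
    networks = [ipaddress.IPv4Network(cidr) for cidr in (scopes or {})]
    counts = {str(net): 0 for net in networks}
    for lease in (leases or {}).values():
        if lease.status != "leased":
            continue
        addr = ipaddress.IPv4Address(lease.ip)
        match = next((net for net in networks if addr in net), None)
        item = str(match) if match is not None else f"server {lease.server_mkey}"
        counts[item] = counts.get(item, 0) + 1
    return counts
```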

This is awesome, why is this not available on the official Exchange?

Hello @nicomueller-ws, thanks for the hint. See: Checkmk Exchange

1 Like

That's great. Many thanks!
Do you by chance plan to remove the incompatibility with 2.4.x at some point?

Hello @meis ,

thanks for this plugin so far. Would it be possible to check managed switch fan and power supply status also? I did not find this in the source code.
I could not install the plugin because of the lack of 2.4 support. All my Fortigates are checked from a 2.4 instance.

The latest version from the exchange that @meis linked should work with CMK 2.4. I have no errors here with this mkp on 2.4.

2 Likes

Hello @geppi007

I will check this. It depends on whether Fortigate also provides this information via API.

Hello @meis

This has been working great for most of our Fortigates. Is there a plan to support multiple VDOMs? Either grab all VDOMs or a way to create a field in the FortiOS agent to specify which VDOM we want to monitor?

Hello @tacticalAlmonds , we have already considered this, but it would require a major renovation. Feel free to get in touch with me if you are interested; perhaps we could do something together.

2 Likes