SNMP Check FortiGate Firmware Version

droegech · March 20, 2022, 7:38pm

Hi,
i would like to monitor our Fortigate’s firmware version via snmp. I’m looking for a working check or for help creating one.

I already checked existing checks and Plugins, but none of them are firmware version related:

fortigate_cpu
fortigate_cpu_base
fortigate_ipsecvpn
fortigate_memory
fortigate_memory_base
fortigate_node
fortigate_sensors
fortigate_sessions
fortigate_sessions_base
fortigate_signatures
fortigate_sslvpn
fortigate_sync_status

Checkmk Exchange
Checkmk Exchange

Via snmp walk on one of our 60Fs i got following OIDs and Outputs:

.1.3.6.1.2.1.47.1.1.1.1.10.1,OctetString,FortiGate-60F v7.0.3,build0237,211207 (GA)
.1.3.6.1.2.1.47.1.2.1.1.2.1,OctetString,Fortinet Firewall FortiGate-60F v7.0.3,build0237,211207 (GA)

Is there a template i could use to create a simple check via a string returned from an specific snmp oid?

Man-in-Black · March 21, 2022, 7:16am

Hi,

you could write a local check and just echo the output of the OID:

#!/bin/bash
hostname="[SET HOSTNAME OF FIREWALL HERE]"
ip="[SET IP OF THE FIREWALL HERE]"
community="[SET CNMP COMMUNITY STRING HERE"
forti_fw_version=`snmpget -v2c $ip -c $community -On .1.3.6.1.2.1.47.1.2.1.1.2.1 | cut -d"," -f3
echo "<<<<${HOSTNAME}>>>>"
echo "<<<local>>>"
echo "0 \"FortiGate Version\" - ${forti_fw_version}"
echo "<<<<>>>>"

Place this as a shell script under /usr/lib/check_mk_agent/local/ and your good to go. (I hope I do not have any typo in the script )

and just to mention: with this script it should be displayed on the firewall itself, you only have to enter the host name of the firewall or the name used in checkmk for the firewall and the piggyback processing must be active.

mike1098 · March 21, 2022, 8:17am

You may could use “Classical active and passive Monitoring checks” together with check_snmp:

regards

Michael

robin.gierse · March 21, 2022, 9:12am

Did you actually add one of those devices to Checkmk? The SNMP Info check could contain the information you desire.

droegech · March 21, 2022, 9:29am

Hi Robin,

yes, we have approximately 40-50 fortigate devices already in our monitoring.
Is this snmp info check part of the check mk installation? We are using the cme version: 2.0.0p20

regards Christian

droegech · March 21, 2022, 9:42am

I found an external article which should bring me closer to a solution via the snmp info check.
Check_MK: SNMP based Check – LANbugs
Lets see what i can do.

robin.gierse · March 22, 2022, 7:08am

Yes, every SNMP based device should discover it. It contains the sysContact, sysLocation and oftentimes some sort of version information. It is plainly called ‘SNMP Info’.