Snmp problems with fortigate devices

Hello there !

I meet a problem with fortigate devices and I don’t understand why.

On my fortigate devices, I activate SNMP. I add hosts who can make snmp request on those devices.
I activate snmp on my WAN interface…

When I run test connexion I get this result

image666×785 34.6 KB

Everything seems OK since the test manages to obtain the system name of the device.

But When I run a bulk discovery I have a timeout

image1043×580 28.5 KB

I don’t have the problem with SonicWall equipment.

Have any of you ever had this kind of problem?

Greetings,

Vincent

I already tried this solution without any success

image1164×405 69.2 KB

Did you enable SNMP on the host configuration page?

For debugging you can log into your Checkmk Site and run the following command:

cmk -Iivv HOSTNAME

As you are receiving timeout errors you can increase the timing options related to SNMP.

Hi @paulosantanabr

And thanks for help… This seemed obvious to me, so I didn’t specify it, but yes, the SNMP community was correctly populated in the host configuration.

I ran the commend you recommand.
The result is very very long so I will not put it here… But I noticed errors several times (always the same error) :

ERROR: SNMP error
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.

failed.

at the end I have this

image1785×446 70.6 KB

am I understanding correctly and do I need to “inject” the fortigate MIB file into the checkmk server?
if so, I’ve never done that… How do you do it?

Vincent

You don’t need that. The SNMP plugins do not depend on the MIB.
In the top of your screenshot there is a SNMP timeout error, you should check this.

Hi @thl-cmk

thanks for help
But I can’t make this timeout disappear. On the command line when I run a
snmpwalk -v2c -c community_string HOST
the command runs for about 45 seconds… it shows me the OIDs and their correspondence… but suddenly I get a “timeout no response from host”
even if I put a -t option (to set a timeout to 20 seconds for example, it doesn’t change anything…

the more I have to use it the less I like snmp

I think I succeeded!
I created a rule under Setup > SNMP Rules > Disabled or enabled sections (SNMP) where I excluded from discovery anything that was not “Forti”
I restarted discover on my host and it worked!
I will now have to test on the other Fortigate routers!

I confirm. It works !

one last thing. If you configure administration addresses (for example to restrict access to the https interface from only certain IP addresses) you must add the address of the server which makes the SNMP requests to these administration addresses.

@keneichi
The topic is a bit older, but I have the same problem and a question about your solution.

I have similar problems that my instance only queries my Forti devices (switches and firewalls) very sporadically.

Unfortunately I don’t have the menu item you describe.
I have managed the switches via the firewall. Can you give me the CLI variant if necessary?

These are the errors that are displayed

Check_MK [snmp] IndexError('list index out of range')CRIT, [piggyback] Success (but no data found for this host), Missing monitoring data for all pluginsWARN, execution time 36.5 sec
Check_MK HW/SW Inventory	Open the action menu	No data yet, please be patient, [snmp] IndexError('list index out of range')WARN	
Check_MK Discovery	Open the action menu	Services: all up to date, Host labels: all up to date, Parsing of section hr_mem failedWARN

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.