Skip to main content
funkylicious
SuperUser
funkylicious
SuperUser
January 6, 2025
Solved

FortiAuth - SNMP OID remaining tokens

  • January 6, 2025
  • 2 replies
  • 1781 views

Hi,


Hoping that someone could help in regards to the correct OID required to query FortiAuth-VM in order to get the number of FortiTokens available for usage, since the one I've found in a old forum post is not returning the correct value - https://community.fortinet.com/t5/Support-Forum/FortiAuthenticator-OIDs/td-p/228761

 

Upon querying, 1.3.6.1.4.1.12356.113.1.202.6.0 , I get a value of 244 which is more than the total amount of registered/available tokens in FAC-VM.

 

iso.3.6.1.4.1.12356.113.1.202.6.0 = INTEGER: 244

FortiToken Mobile

Used: 148Populated: 155Available: 7Disabled: 0

 

Using .1.3.6.1.4.1.12356.113.1.202.3.0 returns the correct amount of tokens since I also got 1 Yubikey registered (populated).

 

iso.3.6.1.4.1.12356.113.1.202.3.0 = INTEGER: 156

FortiToken Mobile / Yubikey Tokens

Used: 148Populated: 155Available: 7Disabled: 0
Used: 0Populated: 1Available: 1Disabled: 0


I am trying to create a plugin in the internal monitoring platform in order to have a view of this info w/o accesing the webUI.

 

Thanks.

Best answer by pminarik

"facFortiTokenCount" (.1.3.6.1.4.1.12356.113.1.202.3.0) = Number of FortiTokens (in general) that exist in the config on the unit.

"facFortiTokenRemaining" (.1.3.6.1.4.1.12356.113.1.202.6.0) = Number of tokens that can still be added before reaching the licensing limit.

 

Essentially, if you go to the GUI and into Authentication > User Management > FortiTokens, you will see  "<X> / <Y> FortiTokens" at the bottom of the page. This is <number of tokens> / <total possible number of tokens> (=max limit).

The OIDs are mapped as <X> = facFortiTokenCount, <Y> - <X> = facFortiTokenRemaining

 

As far as I can tell from skimming through the MIB file, there isn't an OID that will give out detailed usage counts of tokens (assigned/unassigned).

 

 

 

If I can offer an alternative, you can use the REST API to pull info about tokens, and filter for them by state.

https://docs.fortinet.com/document/fortiauthenticator/6.6.2/rest-api-solution-guide/875895/fortitokens-fortitokens

2 replies

pminarik
Staff
pminarikAnswer
Staff
January 6, 2025

"facFortiTokenCount" (.1.3.6.1.4.1.12356.113.1.202.3.0) = Number of FortiTokens (in general) that exist in the config on the unit.

"facFortiTokenRemaining" (.1.3.6.1.4.1.12356.113.1.202.6.0) = Number of tokens that can still be added before reaching the licensing limit.

 

Essentially, if you go to the GUI and into Authentication > User Management > FortiTokens, you will see  "<X> / <Y> FortiTokens" at the bottom of the page. This is <number of tokens> / <total possible number of tokens> (=max limit).

The OIDs are mapped as <X> = facFortiTokenCount, <Y> - <X> = facFortiTokenRemaining

 

As far as I can tell from skimming through the MIB file, there isn't an OID that will give out detailed usage counts of tokens (assigned/unassigned).

 

 

 

If I can offer an alternative, you can use the REST API to pull info about tokens, and filter for them by state.

https://docs.fortinet.com/document/fortiauthenticator/6.6.2/rest-api-solution-guide/875895/fortitokens-fortitokens

funkylicious
SuperUser
funkyliciousAuthor
SuperUser
January 6, 2025

Hmm, ok.

Thanks for the clarifications, I will try the REST API in order to get the data that I need.

"jack of all trades, master of none"
solasko2
solasko2
New Member
January 6, 2025

There's an ipsec tunnel down trap but idk if there's a dead peer detected trap. This is afaik only logged into the device log https://100001.onl/ .

Terms & ConditionsAccessibility statement