fortiagent
New Member
April 9, 2026
Question

SNMP Failed on SolarWinds (1 FortiGate with 3 Management IPs)


Hello,

We have 3 Management IPs configured for a FortiGate device. Only one is polling on SolarWinds, 2 are failing with SNMP.

MGMT-01 is .227 and MGMT-02 is .226

Here are the trace results (omitted and edited some characters):

id=65308 trace_id=21 func=print_pkt_detail line=5811 msg="vd-root:0 received a packet(proto=17, 10.x.x.88:62985->10.x.x.227:161) tun_id=10.0.0.2 from MGMT-02. "
id=65308 trace_id=21 func=init_ip_session_common line=5995 msg="allocate a new session-08f7faa3"
id=65308 trace_id=21 func=iprope_dnat_check line=5276 msg="in-[MGMT-02], out-[]"
id=65308 trace_id=21 func=iprope_dnat_tree_check line=834 msg="len=0"
id=65308 trace_id=21 func=iprope_dnat_check line=5288 msg="result: skb_flags-02000008, vid-0, ret-no-match, act-accept, flag-00000000"
id=65308 trace_id=21 func=vf_ip_route_input_common line=2611 msg="find a route: flag=80000000 gw-10.x.x.227 via root"
id=65308 trace_id=21 func=iprope_access_proxy_check line=439 msg="in-[MGMT-02], out-[], skb_flags-02000008, vid-0"
id=65308 trace_id=21 func=__iprope_check line=2273 msg="gnum-100017, check-ffffffbffc02bd34"
id=65308 trace_id=21 func=iprope_policy_group_check line=4694 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
id=65308 trace_id=21 func=iprope_fwd_check line=766 msg="in-[MGMT-02], out-[MGMT-01], skb_flags-02000008, vid-0, app_id: 0, url_cat_id: 0"
id=65308 trace_id=21 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=112, len=3"
id=65308 trace_id=21 func=__iprope_check_one_policy line=2025 msg="checked gnum-100004 policy-5, ret-no-match, act-accept"
id=65308 trace_id=21 func=__iprope_check_one_policy line=2025 msg="checked gnum-100004 policy-7, ret-no-match, act-accept"
id=65308 trace_id=21 func=__iprope_check_one_policy line=2025 msg="checked gnum-100004 policy-0, ret-matched, act-accept"
id=65308 trace_id=21 func=__iprope_user_identity_check line=1799 msg="ret-matched"
id=65308 trace_id=21 func=__iprope_check_one_policy line=2243 msg="policy-0 is matched, act-drop"
id=65308 trace_id=21 func=iprope_fwd_check line=803 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-drop, idx-0"
id=65308 trace_id=21 func=fw_local_in_handler line=606 msg="iprope_in_check() check failed on policy 0, drop"

 

It seems the routing is asymmetrical? Different path for IN and OUT, and it's hitting the implicit deny policy.

I checked this guide: Troubleshooting SNMP query failure from t... - Fortinet Community

And it seems to meet all the criteria mentioned in it.

Additional note: SSL-VPN is also not working for .227 and .226

Any ideas?

1 reply

Markus_M
Staff & Editor
April 9, 2026

Try the command

get router info routing-table details <ip>

to see what route the FortiGate would take. Your interface IPs are in a /32 subnet, so there is not much to route and it would take a default route.

id=65308 trace_id=21 func=vf_ip_route_input_common line=2611 msg="find a route: flag=80000000 gw-10.x.x.227 via root"

That, as you already found, seems to result in [MGMT-01].

You may need a static route with /32 that covers this IP specifically. It will not affect other traffic as the more specific route wins for each IP.

fortiagent
New Member
April 10, 2026

Thanks, Markus. Did you mean static route to the SNMP IP 10.x.x.88? It's already in place.

G60 # get router info routing-table details 10.x.x.88

Routing table for VRF=0
Routing entry for 10.x.x.88/32
Known via "static", distance 20, metric 0
via MGMT-02 tunnel 10.0.0.2 vrf 0, tun_id

Routing entry for 10.x.x.88/32
Known via "static", distance 10, metric 0, best
* via MGMT-01 tunnel 203.x.x.17 vrf 0, tun_id
* via MGMT-03 tunnel 10.0.0.3 vrf 0, tun_id

Note that the default distance values were initially:

MGMT-01: 10
MGMT-02: 20
MGMT-03: 30

Then, I tried setting them all to 10 (unset distance), but to no avail. The trace results were the same.
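
An added example, not part of the thread and not Fortinet tooling: a small Python parser for debug-flow lines in the format shown in the first post. It groups lines by trace_id and reports the ingress interface, the in/out pair logged by iprope_fwd_check, and the policy that dropped the packet. The sample lines are copied from the trace above with the poster's redactions; the `iface_mismatch` flag and the function name `summarize` are this example's own.

```python
import re
from collections import defaultdict

# Four lines copied from the trace in the first post (same redactions).
SAMPLE = '''\
id=65308 trace_id=21 func=print_pkt_detail line=5811 msg="vd-root:0 received a packet(proto=17, 10.x.x.88:62985->10.x.x.227:161) tun_id=10.0.0.2 from MGMT-02. "
id=65308 trace_id=21 func=iprope_fwd_check line=766 msg="in-[MGMT-02], out-[MGMT-01], skb_flags-02000008, vid-0, app_id: 0, url_cat_id: 0"
id=65308 trace_id=21 func=__iprope_check_one_policy line=2243 msg="policy-0 is matched, act-drop"
id=65308 trace_id=21 func=fw_local_in_handler line=606 msg="iprope_in_check() check failed on policy 0, drop"
'''

LINE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"')
PKT = re.compile(r'received a packet\(proto=(\d+), (\S+):(\d+)->(\S+):(\d+)\).* from (\S+)\. *$')
PAIR = re.compile(r'in-\[(.*?)\], out-\[(.*?)\]')
DROP = re.compile(r'check failed on policy (\d+), drop')

def summarize(text):
    """Return {trace_id: summary dict} for pasted debug-flow text."""
    flows = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip blank or unrelated lines
        tid, func, msg = int(m.group(1)), m.group(2), m.group(3)
        f = flows[tid]
        if (p := PKT.search(msg)):
            f.update(proto=int(p.group(1)), src=p.group(2), dst=p.group(4),
                     dport=int(p.group(5)), ingress=p.group(6))
        elif func == "iprope_fwd_check" and (p := PAIR.search(msg)):
            # Only the forward check is used; the earlier DNAT check
            # logs an empty out-[] and would overwrite nothing useful.
            f.update(fwd_in=p.group(1), fwd_out=p.group(2))
        elif (p := DROP.search(msg)):
            f["dropped_by_policy"] = int(p.group(1))
    for f in flows.values():
        # Flag the case discussed in the thread: the packet arrived on one
        # interface but the forward check names a different out interface.
        f["iface_mismatch"] = bool(f.get("fwd_out")) and f.get("ingress") != f.get("fwd_out")
    return dict(flows)

if __name__ == "__main__":
    for tid, f in summarize(SAMPLE).items():
        print(tid, f)
```

Run over a longer capture, this makes it quick to see which trace IDs show the MGMT-02 in, MGMT-01 out pattern followed by a policy 0 drop.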