ErrantOsi
Explorer II
January 23, 2024
Solved

SNMP Monitoring both Firewalls separate in a VDOM enabled HA-Cluster

  • January 23, 2024
  • 1 reply
  • 2772 views

Hello fellow Fortinet people. We have a new Fortigate Cluster (AP) with VDOMs enabled (our first Cluster with VDOM config). Now of course we want to monitor both firewalls separately. Until now we always used the IP addresses of the dedicated management interfaces. However, I just learned the following two limitations of Fortigates:

«To get SNMP working with VDOM enabled: Make sure that the interface where the SNMP collector connects to is part of the management VDOM.»
«Note: Dedicated management ports on a HA Cluster will not be part of any VDOM.»

Now from my understanding this means we cannot use the dedicated management interfaces (which are excluded from the HA). Does any of you have the same config and if yes, how do you monitor both firewalls separately?

1 reply

saleha
Staff & Editor
Answer
January 23, 2024

Hello,

Thank you for reaching out. If you want to monitor the secondary member of the cluster I believe you will need ha direct and reserving management port. I recommend checking out the article link below for recommendations:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Adding-Secondary-SNMP-server-on-FortiGate-HA-when/ta-p/249192

Thank you,

Ahmed Saleh

ErrantOsi
Author
Explorer II
April 5, 2024

Yeah, we had to enable the HA-Direct option to fully use all services.
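
A FortiOS CLI sketch of the reserved management interface plus HA-Direct setup discussed in this thread, added here as an example; it is not taken from the posters or from the linked Fortinet article. The interface name `mgmt`, the `192.0.2.x` addresses and the community name are placeholders, and the interface address is set separately on each cluster member.

```fortios
# Global context on a VDOM-enabled cluster
config global

# Reserve a management interface per member and let management
# services (SNMP among them) use it directly
config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "mgmt"
            # placeholder gateway
            set gateway 192.0.2.1
        next
    end
    set ha-direct enable
end

# Allow SNMP on the reserved interface without replacing the existing access list
config system interface
    edit "mgmt"
        append allowaccess snmp
    next
end

# Restrict the community to the collector and mark the host as reached via HA-Direct
config system snmp community
    edit 1
        # placeholder community name
        set name "REPLACE_WITH_COMMUNITY"
        config hosts
            edit 1
                # placeholder collector address
                set ip 192.0.2.50 255.255.255.255
                set ha-direct enable
            next
        end
    next
end

end
```

The collector then polls each member on its own reserved management address. Limiting `hosts` to the collector's /32 keeps the SNMP service on the management interface from answering other sources.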