FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Goutham_FTNT
Staff
Staff
Description
This article describes the steps to configure FortiGate's OID as a custom sensor on PRTG Network Monitor.
gouthams_FD37222_tn_FD37222-1.jpg

Solution
Configuration GUI

FortiGate
Login to the FortiGate device.

To enable SNMP on the Interface:
  • Navigate to System> Network> Interface.
  • Select Edit on the interface allowing SNMP.
  • Enable SNMP and select OK.
Navigate to System> Config> SNMP> Click on Create New below "SNMP v1/v2c".

Give the community name, this should match the community name on the PRTG.

Click on Add under Host and give the IP address of the PRTG server, specify the interface as ANY and Host type as "Accept queries and send traps" > click on "OK".

In order to create custom sensor the "Fortinet Core MIB file" is required in order to obtain the OID value as per the requirement of the custom sensor.

Navigate to System> Config> SNMP> Download Fortinet Core MIB file.

Open this MIB file using any MIB reader.

In this scenario "fg sys cpu usage" will be used as the example custom sensor.

MIB Reader
Any third party free MIB reader software can be used.
  • Open MIB reader and load the MIB file downloaded from FortiGate.
  • Navigate to FORTINET-FORTIGATE-MIB > fg system info > fg sys cpu usage
  • Save the OID for "fg sys cpu usage".

PRTG SNMP Tool
To add the custom sensor on PRTG:
  • Go to Senors> Add> Select "Create a new Device" and click on Continue.
  • Give the group name > Under "Credentials For SNMP device", give the SNMP Version - Select v2c, give the community string as specified in the Fortigate snmp community configuration, SNMP port as 161 > Click on Continue.
  • For the group being created , click on "Add device".
  • Enter the Device name, IP version, IP address and leave the rest as default > Click on Continue.
  • For the device being added, click on "Add sensor", search for "SNMP custom" and click on "Add This".
  • Give the Sensor Name and give the OID value copied earlier from MIB reader for "fg sys cpu usage ".

Configuration CLI

FortiGate
config system snmp community
edit 1
        set name "snmp"
        set status enable
            config hosts
                edit 1
                    set source-ip 0.0.0.0
                    set ip 172.26.48.5 255.255.255.0
                    set interface ''
                    set ha-direct disable
                    set host-type any
                next
            end

Verification on CLI

FortiGate
FGT#config system snmp community
edit 1
show full-configuration
set name "snmp"
        set status enable
            config hosts
                edit 1
                    set source-ip 0.0.0.0
                    set ip 172.26.48.5 255.255.255.0
                    set interface ''
                    set ha-direct disable
                    set host-type any
                next
            end
        set query-v1-status enable
        set query-v1-port 161
        set query-v2c-status enable
        set query-v2c-port 161
        set trap-v1-status enable
        set trap-v1-lport 162
        set trap-v1-rport 162
        set trap-v2c-status enable
        set trap-v2c-lport 162
        set trap-v2c-rport 162
        set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open faz-disconnect wc-ap-up wc-ap-down
             next
       end

Troubleshooting

Community mismatch error on FortiGate logs.
Make sure that the community name on the FortiGate and on the PRTG group are matching.

On the FortiGate the community name can be found under System> Config> SNMP.

On the PRTG > Devices> Click the group > Settings "Credentials For SNMP device" > Community name.

Screen shots

MIB reader

gouthams_FD37222_tn_FD37222-2.jpg

PRTG

gouthams_FD37222_tn_FD37222-3.jpg

FortiGate

gouthams_FD37222_tn_FD37222-4.jpg

Contributors