Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
FortiKoala
Staff
Staff

Created on ‎11-29-2017 12:30 AM

Article Id 194489

Technical Note: SNMP ifDescr missing in FortiOS 5.4

Description
With FortiOS 5.2, and lower the "ifDescr" OID is systematically filled in with the interface name. 

This behavior was not compliant as per RFC 1213 that states: "ifDescr should be filled in with a textual string containing information about the interface. This string should include the name of the manufacturer, the product name and the version of the hardware interface." 

Since  FortiOS 5.4 and above, the "ifDesc" OID now behaves as per RFC 1213 i.e. "ifDesc" OID is effectively filled in with the interface description, that is: 
- The "description" variable value of each specific interface (CLI) 
- The "comment" field value of each specific interface (GUI) 

To summarize, in FortiOS 5.4 and above: 

- ifDescr OID returns the interface description 
- ifAlias OID returns interface alias 
- ifName OID returns interface name 

On FortiGates running FortiOS 5.2.x, all interfaces by default have SNMP ifDescr MIB populated.
$ snmpwalk -v3 -u blahblah -a MD5 -A blahblah1 -x DES -X blahblah1 -l authPriv -Oa 10.8.8.8 | grep -i desc
SNMPv2-MIB::sysDescr.0 = STRING: Fortigate v5.2.11
SNMPv2-MIB::sysORDescr.1 = STRING:
IF-MIB::ifDescr.1 = STRING: port1
IF-MIB::ifDescr.2 = STRING: port2
IF-MIB::ifDescr.3 = STRING: port3
IF-MIB::ifDescr.4 = STRING: port4
IF-MIB::ifDescr.5 = STRING: port5
IF-MIB::ifDescr.6 = STRING: port6
IF-MIB::ifDescr.7 = STRING: port7
IF-MIB::ifDescr.8 = STRING: port8
IF-MIB::ifDescr.9 = STRING: port9
IF-MIB::ifDescr.10 = STRING: port10
IF-MIB::ifDescr.13 = STRING: ssl.root
FortiGate running FortiOS 5.4.x the default SNMP ifDescr MIB values have changed
$ snmpwalk -v3 -u blahblah -a MD5 -A blahblah1 -x DES -X blahblah1 -l authPriv -Oa 10.8.8.8 | grep -i desc
SNMPv2-MIB::sysDescr.0 = STRING: Fortigate v5.4.5
SNMPv2-MIB::sysORDescr.1 = STRING:
IF-MIB::ifDescr.1 = STRING:
IF-MIB::ifDescr.2 = STRING:
IF-MIB::ifDescr.3 = STRING:
IF-MIB::ifDescr.4 = STRING:
IF-MIB::ifDescr.5 = STRING:
IF-MIB::ifDescr.6 = STRING:
IF-MIB::ifDescr.7 = STRING:
IF-MIB::ifDescr.8 = STRING:
IF-MIB::ifDescr.9 = STRING:
IF-MIB::ifDescr.10 = STRING:
IF-MIB::ifDescr.11 = STRING:

Workaround
In FortiOS v5.4 you can get the port descriptions using the following MIB

IF-MIB:ifMIB.ifMIBObjects.ifXTable.ifXEntry - 1.3.6.1.2.1.31.1.1.1
Labels:
6159
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.