Description |
This article describes how to add a secondary SNMP server on VDOM-enabled FortiGate and FortiGate is on HA. |
Scope | FortiGate v7.2.0. |
Solution |
Suppose that interface ‘mgmt’ is a management interface for Primary FortiGate with:
IP 10.10.10.2/24 Interface port1 with IP 10.1.248.250/24
Both interface 'mgmt' and 'port1' are part of root VDOM
If VDOM is enabled on the FortiGate on HA, there are two options to configure SNMP.
Option 1: Enable ha-direct. Option 2: Without enabling ha-direct.
Note: In both scenarios, SNMP must be enabled on the root VDOM.
Option 1: Enable ha-direct. Management IP configured for HA will be used as a source/destination IP address. For the secondary SNMP server, it is possible to enable ha-direct too, then the interface IP address will be used as a source destination IP.
config system snmp community edit 1 set name "SNMP-SERVER" config hosts edit 1 set ip 10.10.10.100 255.255.255.255 set ha-direct enable next edit 2 set ip 192.168.100.1 255.255.255.255 set ha-direct enable next end set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure fm-if-change ha-member-up ha-member-down next end
Option 2: Without enabling ha-direct. Interface IP except HA management IP can be used as a source/destination IP address.
config system snmp community edit 1 set name "SNMP-SERVER" config hosts edit 1 set ip 10.10.10.100 255.255.255.255
next edit 2 set ip 192.168.100.1 255.255.255.25 next end set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure fm-if-change ha-member-up ha-member-down next end
FGT1(root) # get router info routing-table details 192.168.100.1 Routing table for VRF=0
FGT1(root) # diagnose sniffer packet any 'host 192.168.100.1' 4 0 a
Related articles: Technical Tip: FortiGate SNMP polling via the dedicated HA management portTechnical Tip: Configuring SNMP when VDOM is enabled |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.