ajoy (Staff)
Article Id 258313
Description

This article discusses how to debug SNMP errors between FortiGate and FortiNAC.
Scope

FortiOS v6.x.x to v7.x.x.

Solution

Error visible on FortiNAC:

[Screenshot: SNMP error message shown in FortiNAC]

FortiGate side configuration:

[Screenshot: FortiGate SNMP configuration]

 

Steps to be followed on the FortiGate side:

Run an SNMP debug.

PuTTY 1:

diagnose debug disable
diagnose debug reset
diagnose debug application snmpd -1
diagnose debug console timestamp enable
diagnose debug enable

(replicate the issue while the debug is running)

To stop the debug:

diagnose debug reset
diagnose debug disable

Run a sniffer for SNMP destination port 161.

PuTTY 2:

diagnose sniffer packet any "port 161 or port 162" 6 0 a

  • When the issue is replicated, packets should be seen on port 161 in both directions as the connection is attempted.
  • Verify that the FortiGate is able to reach the SNMP server using an ICMP ping test.
  • Confirm the configuration as per the diagram; in this case 10.1.20.53 is configured as the SNMP server:

Technical Tip: How to Configure FortiGate SNMP Agent for Monitoring
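The sniffer check above is easier to read when the capture is summarised by direction. The following Python helper is an added example, not part of the original article: it parses FortiGate sniffer output, counts polls from the SNMP server (10.1.20.53 from the article) and replies from the FortiGate, and reports which side to look at next. The sniffer line format, the FortiGate address 10.1.20.1 and the sample capture are assumptions constructed for the example.

```python
import re
from collections import Counter

# Header-line format of FortiGate "diagnose sniffer packet" output (assumed):
#   [<date>] <time> <intf> <in|out> <src>.<sport> -> <dst>.<dport>: udp <len>
# Verbose level 6 adds hex-dump lines starting with "0x"; they never match.
_HDR = re.compile(
    r"^(?:\S+ )?\S+\s+(?P<intf>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+udp\s+\d+"
)

# Constructed capture: 10.1.20.53 is the FortiNAC/SNMP manager named in the
# article; 10.1.20.1 is an assumed address for the FortiGate interface.
SAMPLE = """\
interfaces=[any]
filters=[port 161 or port 162]
2023-05-29 21:19:37.454543 port1 in 10.1.20.53.49152 -> 10.1.20.1.161: udp 77
0x0000   0009 0f09 0001 0050 56a1 b2c3 0800 4500   .......PV.....E.
2023-05-29 21:19:37.454890 port1 out 10.1.20.1.161 -> 10.1.20.53.49152: udp 135
2023-05-29 21:19:38.101200 port1 in 10.1.20.53.49152 -> 10.1.20.1.161: udp 77
"""

def analyze_snmp_sniffer(lines, manager, agent):
    """Count SNMP polls and replies between manager and agent; the verdict says which side to check next."""
    c = Counter(requests=0, responses=0, traps=0)
    for line in lines:
        m = _HDR.match(line.strip())
        if not m:
            continue  # banner, filter echo or hex-dump line
        src, dst = m["src"], m["dst"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if src == manager and dst == agent and dport == 161:
            c["requests"] += 1
        elif src == agent and dst == manager and sport == 161:
            c["responses"] += 1
        elif src == agent and dport == 162:
            c["traps"] += 1  # one-way; says nothing about polling
    if c["requests"] == 0:
        # Polls never reach the FortiGate: check FortiNAC routing, the modelled IP and filtering of UDP/161.
        verdict = "no_requests"
    elif c["responses"] == 0:
        # Polls arrive but the agent is silent, which is also how a wrong community or v3 user
        # looks: check the SNMP community/user, its host list and SNMP access on the interface.
        verdict = "no_responses"
    else:
        # Transport works both ways; remaining errors are credential or timeout settings on FortiNAC.
        verdict = "bidirectional"
    return dict(c, verdict=verdict)
```

Paste the real sniffer output into `SAMPLE` (or read it from a file) and call `analyze_snmp_sniffer(SAMPLE.splitlines(), "<FortiNAC IP>", "<FortiGate IP>")`.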

 

On the FortiNAC side:

  • As per the error, check that the credentials used to add the FortiGate device for monitoring are correct.
  • Check that the FortiGate can be reached by pinging its SNMP interface.
  • Confirm the SNMP query from the FortiNAC side:

Technical Tip: Troubleshooting SNMP Timeout Errors

 

Perform troubleshooting on the FortiNAC side.

PuTTY 1:

tcpdump -nni eth0 host <ip address> and port 161

PuTTY 2:

Run an snmpwalk and check for any error messages.

SNMP v1:

snmpwalk -v1 -c <R/W Community String> <ip address> system

SNMP v2c:

snmpwalk -v2c -c <R/W Community String> <ip address> system

SNMP v3:

snmpwalk -v3 -u <username> -l <authPriv/authNoPriv> -a <MD5/SHA> -A <auth password> -x <DES/AES> -X <priv password> <ipAddressOfDevice> system

  • Check for time-out errors. If there are errors, check the configuration in FortiNAC again.

 

In this case, after the steps above had been checked, the issue was resolved by resyncing the interface as described in the article below.

  • The interface on the FortiNAC itself is synced as per:

Resync interfaces

It is necessary to have FortiNAC re-read the device to learn of the changes and display an accurate representation in the Ports tab in Topology View.

After this, these errors should no longer be visible, provided basic connectivity is fine.