snmpget -v2c -c <community_name>-<vdom_name> <address_ipv4> <OID><community_name> is the SNMP community name added to the FortiGate configuration. More than one community name can be added to a FortiGate SNMP configuration. The most commonly used community name is public.
snmpwalk -v2c -c TestCommunity-VDOM1 10.5.17.217 1.3.6.1.2.1.15The community name is TestCommunity.
Result:
# config vdom
edit root
next
edit VDOM1
next
edit VDOM2
next
end
# config global
config system interface
edit "port1"
set vdom "VDOM1"
set ip 10.134.1.217 255.255.240.0
set allowaccess ping
set type physical
set snmp-index 1
next
edit "mgmt"
set vdom "root"
set ip 10.5.17.217 255.255.240.0
set allowaccess ping https ssh snmp http telnet
set type physical
set dedicated-to management
set snmp-index 29
next
edit "vlan1-127"
set vdom "VDOM1"
set ip 10.127.1.217 255.255.240.0
set allowaccess ping
set snmp-index 41
set interface "aux"
set vlanid 127
next
edit "loop"
set vdom "VDOM1"
set ip 10.139.1.217 255.255.240.0
set allowaccess ping
set snmp-index 42
set interface "port1"
set vlanid 139
next
end
config system snmp sysinfo
set status enable
set description "TestUnit3240C-217"
set contact-info "tac@fortinet.com"
set location "Sophia"
end
config system snmp community
edit 1
set name "TestCommunity"
config hosts
edit 1
set ip 10.5.0.0 255.255.0.0
next
edit 2
set ip 172.26.0.0 255.255.0.0
next
end
set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open power-supply-failure faz-disconnect wc-ap-up wc-ap-down
next
end
end
# config vdom
edit VDOM1
config router bgp
set as 65567
set router-id 10.5.17.217
config neighbor
edit "10.134.1.218"
set remote-as 65656
set send-community6 disable
next
end
config network
edit 1
set prefix 10.127.0.0 255.255.240.0
next
edit 2
set prefix 10.139.1.216 255.255.255.252
next
end
config redistribute "connected"
set status enable
end
end
end
end
Example and troubleshooting:
snmpget -v2c -c TestCommunity-VDOM1 10.5.17.217 iso.3.6.1.2.1.15.2.0
The OID .1.3.6.1.2.1.15.2.0 is Name/OID: bgpLocalAs with the Value (Integer): 65567.FortiGate debug :
# diagnose debug application snmpd -1
# di de en
snmpd: updating cache: idx_cache
snmpd: <msg> 56 bytes 172.26.143.40:36298 -> 10.5.17.217/10.5.17.217:161 (itf 2.2)
snmpd: checking if community "TestCommunity-VDOM1" is valid
snmpd: checking against community "TestCommunity"
snmpd: request 1(root)/2/172.26.143.40 != comm 1/0/10.5.0.0/255.255.0.0
snmpd: request 1(root)/2/172.26.143.40 == comm 1/0/172.26.0.0/255.255.0.0
snmpd: matched community "TestCommunity-VDOM1"
snmpd: get : bgpLocalAs.0 -> (snmpd: bgppeer_cache_lookup:280 try to find key(rmt_addr_idx1=0.0.0.0) next=1 self=1 vd=2
snmpd: bgppeer_cache_lookup() fg_avl_min()
snmpd: bgppeer_cache_lookup:348 key(rmt_addr_idx1=0.0.0.0) next=1 self=1 vd=2 found: entry(rmt_addr_idx1=10.5.17.217 flags=0x1)
# diagnose sys vd list
system fib version=58
list virtual firewall info:
…/…
name=VDOM1 index=2 enabled use=25 rt_num=4 asym_rt=0 sip_helper=1, sip_nat_trace=1, mc_fwd=1, mc_ttl_nc=0, tpmc_sk_pl=0 ecmp=source-ip-based asym_rt6=0 rt6_num=13 strict_src_check=0 dns_log=1 ses_num=1 ses6_pkt_num=17417
tree_flag=1 tree6_flag=1 nataf=0 traffic_log=1 extended_traffic_log=0 svc_depth=2
log_neigh=0, deny_tcp_with_icmp=0 ses_denied_traffic=no tcp_no_syn_check=0
fw_session_hairpin=no
ipv4_rate=0, ipv6_rate=0
…/…
name=root index=0 enabled use=155 rt_num=46 asym_rt=0 sip_helper=1, sip_nat_trace=1, mc_fwd=1, mc_ttl_nc=0, tpmc_sk_pl=0 ecmp=source-ip-based asym_rt6=0 rt6_num=70 strict_src_check=0 dns_log=1 ses_num6_num=0 pkt_num=335247
tree_flag=1 tree6_flag=1 nataf=0 traffic_log=1 extended_traffic_log=0 svc_depth=1
log_neigh=0, deny_tcp_with_icmp=0 ses_denied_traffic=no tcp_no_syn_check=0
fw_session_hairpin=no
ipv4_rate=0, ipv6_rate=0
vf_count=7 vfe_count=48
Sniffer trace:
Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.