snmpget -v2c -c <community_name>-<vdom_name> <address_ipv4> <OID><community_name> is the SNMP community name added to the FortiGate configuration. More than one community name can be added to a FortiGate SNMP configuration. The most commonly used community name is public.
snmpwalk -v2c -c TestCommunity-VDOM1 10.5.17.217 1.3.6.1.2.1.15The community name is TestCommunity.
Result:
# config vdom
edit root
next
edit VDOM1
next
edit VDOM2
next
end
# config global
config system interface
edit "port1"
set vdom "VDOM1"
set ip 10.134.1.217 255.255.240.0
set allowaccess ping
set type physical
set snmp-index 1
next
edit "mgmt"
set vdom "root"
set ip 10.5.17.217 255.255.240.0
set allowaccess ping https ssh snmp http telnet
set type physical
set dedicated-to management
set snmp-index 29
next
edit "vlan1-127"
set vdom "VDOM1"
set ip 10.127.1.217 255.255.240.0
set allowaccess ping
set snmp-index 41
set interface "aux"
set vlanid 127
next
edit "loop"
set vdom "VDOM1"
set ip 10.139.1.217 255.255.240.0
set allowaccess ping
set snmp-index 42
set interface "port1"
set vlanid 139
next
end
config system snmp sysinfo
set status enable
set description "TestUnit3240C-217"
set contact-info "tac@fortinet.com"
set location "Sophia"
end
config system snmp community
edit 1
set name "TestCommunity"
config hosts
edit 1
set ip 10.5.0.0 255.255.0.0
next
edit 2
set ip 172.26.0.0 255.255.0.0
next
end
set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open power-supply-failure faz-disconnect wc-ap-up wc-ap-down
next
end
end
# config vdom
edit VDOM1
config router bgp
set as 65567
set router-id 10.5.17.217
config neighbor
edit "10.134.1.218"
set remote-as 65656
set send-community6 disable
next
end
config network
edit 1
set prefix 10.127.0.0 255.255.240.0
next
edit 2
set prefix 10.139.1.216 255.255.255.252
next
end
config redistribute "connected"
set status enable
end
end
end
end
Example and troubleshooting:
snmpget -v2c -c TestCommunity-VDOM1 10.5.17.217 iso.3.6.1.2.1.15.2.0
The OID .1.3.6.1.2.1.15.2.0 is Name/OID: bgpLocalAs with the Value (Integer): 65567.FortiGate debug :
# diagnose debug application snmpd -1
# di de en
snmpd: updating cache: idx_cache
snmpd: <msg> 56 bytes 172.26.143.40:36298 -> 10.5.17.217/10.5.17.217:161 (itf 2.2)
snmpd: checking if community "TestCommunity-VDOM1" is valid
snmpd: checking against community "TestCommunity"
snmpd: request 1(root)/2/172.26.143.40 != comm 1/0/10.5.0.0/255.255.0.0
snmpd: request 1(root)/2/172.26.143.40 == comm 1/0/172.26.0.0/255.255.0.0
snmpd: matched community "TestCommunity-VDOM1"
snmpd: get : bgpLocalAs.0 -> (snmpd: bgppeer_cache_lookup:280 try to find key(rmt_addr_idx1=0.0.0.0) next=1 self=1 vd=2
snmpd: bgppeer_cache_lookup() fg_avl_min()
snmpd: bgppeer_cache_lookup:348 key(rmt_addr_idx1=0.0.0.0) next=1 self=1 vd=2 found: entry(rmt_addr_idx1=10.5.17.217 flags=0x1)
# diagnose sys vd list
system fib version=58
list virtual firewall info:
…/…
name=VDOM1 index=2 enabled use=25 rt_num=4 asym_rt=0 sip_helper=1, sip_nat_trace=1, mc_fwd=1, mc_ttl_nc=0, tpmc_sk_pl=0 ecmp=source-ip-based asym_rt6=0 rt6_num=13 strict_src_check=0 dns_log=1 ses_num=1 ses6_pkt_num=17417
tree_flag=1 tree6_flag=1 nataf=0 traffic_log=1 extended_traffic_log=0 svc_depth=2
log_neigh=0, deny_tcp_with_icmp=0 ses_denied_traffic=no tcp_no_syn_check=0
fw_session_hairpin=no
ipv4_rate=0, ipv6_rate=0
…/…
name=root index=0 enabled use=155 rt_num=46 asym_rt=0 sip_helper=1, sip_nat_trace=1, mc_fwd=1, mc_ttl_nc=0, tpmc_sk_pl=0 ecmp=source-ip-based asym_rt6=0 rt6_num=70 strict_src_check=0 dns_log=1 ses_num6_num=0 pkt_num=335247
tree_flag=1 tree6_flag=1 nataf=0 traffic_log=1 extended_traffic_log=0 svc_depth=1
log_neigh=0, deny_tcp_with_icmp=0 ses_denied_traffic=no tcp_no_syn_check=0
fw_session_hairpin=no
ipv4_rate=0, ipv6_rate=0
vf_count=7 vfe_count=48
Sniffer trace:
Related Articles