FortiGate
ssambandhan
Staff

Description
This article describes how to query specific VDOM Data using SNMPv3.
OSPF information is queried as an example.

NOTE:
Not all OIDs are supported with this method due to design limitations.
If there is a requirement to query a specific OID via this method, contact our sales team to request a new feature.

Solution
Querying VDOM-specific information via SNMPv3 is possible by using a dedicated user name format.

In this example, FortiGate has the following VDOMs:
 
- 'root' (Management VDOM)
- 'One'

The information to query is the OSPF configuration, which is different for each VDOM.

On the 'root' VDOM:

# config router ospf
    config area
        edit 0.0.0.4
        next
    end
    config network
        edit 1
            set prefix 192.168.174.0 255.255.255.0
            set area 0.0.0.4
        next
    end

end

On the 'One' VDOM:

# config router ospf
    config area
        edit 0.0.0.25
        next
    end
    config network
        edit 1
            set prefix 192.168.25.0 255.255.255.0
            set area 0.0.0.25
        next
    end
    …
end

Create 2 SNMPv3 user entries as shown below.


The SNMPv3 user 'fortinet' allows queries to the 'root' VDOM and the SNMPv3 user 'fortinet-One' allows queries to the 'One' VDOM.
The format to be used for the user name is: <username>-<VDOM_Name>.

In addition, 'SNMP' access must be enabled on the FortiGate interface that the SNMP manager will query.

Note:
This interface has to be a member of the Management VDOM, in our case 'root'.
If trusted hosts are configured on the FortiGate, the SNMP manager IP should be added to the list.
 
Query the FortiGate from the SNMP manager using the following command to request OSPF information for the 'root' VDOM:
# snmpwalk -v3 -l authPriv -u fortinet -a SHA -A "<SHA-Password>" -x AES -X "<AES-Password>" <IPADDRESS of FortiGate> 1.3.6.1.2.1.14
Response:
SNMPv2-SMI::mib-2.14.1.1.0 = IpAddress: 0.0.0.0
SNMPv2-SMI::mib-2.14.1.2.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.3.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.4.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.5.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.6.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.7.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.8.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.9.0 = Counter32: 0
SNMPv2-SMI::mib-2.14.1.10.0 = Counter32: 0
SNMPv2-SMI::mib-2.14.1.11.0 = INTEGER: -1
SNMPv2-SMI::mib-2.14.1.12.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.13.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.14.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.15.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.16.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.17.0 = Gauge32: 1000000
SNMPv2-SMI::mib-2.14.1.18.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.19.0 = INTEGER: 60
SNMPv2-SMI::mib-2.14.1.20.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.21.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.22.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.23.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.24.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.25.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.26.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.27.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.28.0 = Timeticks: (0) 0:00:00.00
SNMPv2-SMI::mib-2.14.2.1.1.0.0.0.4 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.2.1.2.0.0.0.4 = NULL
SNMPv2-SMI::mib-2.14.2.1.3.0.0.0.4 = INTEGER: 1
SNMPv2-SMI::mib-2.14.2.1.4.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.5.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.6.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.7.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.8.0.0.0.4 = INTEGER: 0
SNMPv2-SMI::mib-2.14.2.1.9.0.0.0.4 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.10.0.0.0.4 = INTEGER: 3
SNMPv2-SMI::mib-2.14.2.1.11.0.0.0.4 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.12.0.0.0.4 = INTEGER: 3
SNMPv2-SMI::mib-2.14.2.1.13.0.0.0.4 = INTEGER: 40
SNMPv2-SMI::mib-2.14.2.1.14.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.1 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.2 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.3 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.4 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.7 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.10 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.1 = INTEGER: 1
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.2 = INTEGER: 2
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.3 = INTEGER: 3
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.4 = INTEGER: 4
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.7 = INTEGER: 7
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.10 = INTEGER: 10
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.1 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.2 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.3 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.7 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.10 = Gauge32: 0

Use the VDOM-specific user name to get the OSPF information from the 'One' VDOM:
# snmpwalk -v3 -l authPriv -u fortinet-One -a SHA -A "<SHA-Password>" -x AES -X "<AES-Password>" <IPADDRESS of FortiGate> 1.3.6.1.2.1.14
Response:
SNMPv2-SMI::mib-2.14.1.1.0 = IpAddress: 0.0.0.0
SNMPv2-SMI::mib-2.14.1.2.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.3.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.4.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.5.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.6.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.7.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.8.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.9.0 = Counter32: 0
SNMPv2-SMI::mib-2.14.1.10.0 = Counter32: 0
SNMPv2-SMI::mib-2.14.1.11.0 = INTEGER: -1
SNMPv2-SMI::mib-2.14.1.12.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.13.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.14.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.15.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.16.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.17.0 = Gauge32: 1000000
SNMPv2-SMI::mib-2.14.1.18.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.19.0 = INTEGER: 60
SNMPv2-SMI::mib-2.14.1.20.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.21.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.22.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.23.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.24.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.25.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.26.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.27.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.28.0 = Timeticks: (0) 0:00:00.00
SNMPv2-SMI::mib-2.14.2.1.1.0.0.0.25 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.2.1.2.0.0.0.25 = NULL
SNMPv2-SMI::mib-2.14.2.1.3.0.0.0.25 = INTEGER: 1
SNMPv2-SMI::mib-2.14.2.1.4.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.5.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.6.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.7.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.8.0.0.0.25 = INTEGER: 0
SNMPv2-SMI::mib-2.14.2.1.9.0.0.0.25 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.10.0.0.0.25 = INTEGER: 3
SNMPv2-SMI::mib-2.14.2.1.11.0.0.0.25 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.12.0.0.0.25 = INTEGER: 3
SNMPv2-SMI::mib-2.14.2.1.13.0.0.0.25 = INTEGER: 40
SNMPv2-SMI::mib-2.14.2.1.14.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.1 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.2 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.3 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.4 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.7 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.10 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.1 = INTEGER: 1
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.2 = INTEGER: 2
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.3 = INTEGER: 3
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.4 = INTEGER: 4
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.7 = INTEGER: 7
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.10 = INTEGER: 10
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.1 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.2 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.3 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.7 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.10 = Gauge32: 0
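
The two queries above can be scripted. The following is an added example, not part of the original article and not Fortinet code: it builds the <username>-<VDOM_Name> user name and checks that each SNMPv3 user returns only the OSPF areas of its own VDOM. It assumes Net-SNMP's snmpwalk; the function names and the SNMP_AUTH_PASS, SNMP_PRIV_PASS and FGT_HOST variables are hypothetical.

```shell
#!/bin/sh
# Added example, not Fortinet code. Assumes Net-SNMP snmpwalk and passphrases
# in SNMP_AUTH_PASS / SNMP_PRIV_PASS (hypothetical variable names).
OSPF_OID=1.3.6.1.2.1.14

# Following the article's example: the bare user name queries the management
# VDOM, <username>-<VDOM_Name> queries any other VDOM. Names are case-sensitive.
vdom_user() {  # $1=base user  $2=VDOM  $3=management VDOM
    if [ "$2" = "$3" ]; then printf '%s\n' "$1"; else printf '%s-%s\n' "$1" "$2"; fi
}

# Walk the OSPF subtree with the credentials of one VDOM-scoped user.
walk_ospf() {  # $1=FortiGate address  $2=SNMPv3 user
    snmpwalk -v3 -l authPriv -u "$2" -a SHA -A "$SNMP_AUTH_PASS" \
        -x AES -X "$SNMP_PRIV_PASS" "$1" "$OSPF_OID"
}

# Read snmpwalk output on stdin and print the ospfAreaId column
# (mib-2.14.2.1.1.<area>) as one sorted, space-separated line.
ospf_areas() {
    awk '/mib-2\.14\.2\.1\.1\.[0-9.]+ = IpAddress: / { print $NF }' |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Succeeds only when the walk on stdin contains exactly the expected areas,
# i.e. the user saw its own VDOM's OSPF data and nothing else.
areas_match() {  # $1=expected areas, space-separated and sorted
    [ "$(ospf_areas)" = "$1" ]
}

# Three lines from the 'One' VDOM response shown above, for an offline check.
sample_one() {
    cat <<'EOF'
SNMPv2-SMI::mib-2.14.1.1.0 = IpAddress: 0.0.0.0
SNMPv2-SMI::mib-2.14.2.1.1.0.0.0.25 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.1 = IpAddress: 0.0.0.25
EOF
}

# Live use: FGT_HOST=<address> sh this_file   (checks both VDOMs of the article)
if [ -n "${FGT_HOST:-}" ]; then
    walk_ospf "$FGT_HOST" "$(vdom_user fortinet root root)" | areas_match 0.0.0.4 &&
    walk_ospf "$FGT_HOST" "$(vdom_user fortinet One root)"  | areas_match 0.0.0.25 &&
    echo "each user returns only its own VDOM's OSPF areas"
fi
```

On a shared manager host the -A and -X arguments are visible in the process list; Net-SNMP can instead read defAuthPassphrase and defPrivPassphrase from snmp.conf.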

Related Articles

Technical Tip: How to query specific VDOMs using SNMPv1/v2