Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
dmillan
Staff
Staff

Created on ‎01-04-2017 08:20 PM Edited on ‎07-21-2022 10:57 PM By Community Manager

Technical Tip: How to troubleshoot on FortiGate when SNMP Is not delivering interface state information

Description

 

This article describes the steps to troubleshoot when SNMP is not delivering interface state information from SNMP manager.


Solution


1) Validate if the SNMP request is coming to FortiGate from SNMP manager using the following command:

 

# diagnose sniffer packet any 'port 161 or port 162' 4 0 a
interfaces=[any]
filters=[port 161]
3.679096 port3 in 192.168.23.24.46930 -> 192.168.23.50.161: udp 46
3.688234 port3 out 192.168.23.50.161 -> 192.168.23.24.46930: udp 48
3.689097 port3 in 192.168.23.24.46930 -> 192.168.23.50.161: udp 47
3.697379 port3 out 192.168.23.50.161 -> 192.168.23.24.46930: udp 48
3.698524 port3 in 192.168.23.24.46930 -> 192.168.23.50.161: udp 47
3.702318 port3 out 192.168.23.50.161 -> 192.168.23.24.46930: udp 48
3.703162 port3 in 192.168.23.24.46930 -> 192.168.23.50.161: udp 47
3.708267 port3 out 192.168.23.50.161 -> 192.168.23.24.46930: udp 48

 

For wireshark convertible capture, use this:

 

# diagnose sniffer packet any 'port 161 or port 162' 6 0 a


2) Collect logs on FortiGate to validate SNMP request using following commands:

 

# diag debug enable
# diag debug application snmp -1
# diagnose debug crashlog write SNMP
# diag debug crashlog read 

 

3) If for any reason the interface status is not displayed, restart SNMP process using the following command:

 

# diagnose test application snmpd 99
snmpd: received debug test signal
restarting snmp daemon
snmpd: creating community=fortinet
snmpd: community: fortinet mask:       9e9ff9f37f
snmpd: creating community=FortiManager
snmpd: community: FortiManager mask: 7fffffffffffffff
snmpd: set mac_host_timeout as 300


4) Validate the SNMP interface status from SNMP manager.

 

snmpwalk -v2c -c fortinet 192.168.23.50 1.3.6.1.2.1.2.2.1.7
iso.3.6.1.2.1.2.2.1.7.1 = INTEGER: 2
iso.3.6.1.2.1.2.2.1.7.2 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.3 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.4 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.5 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.6 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.7 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.8 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.9 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.10 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.11 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.12 = INTEGER: 2

 

Note:
INTEGER 1: UP.
INTEGER 2: DOWN.

Labels:
39539
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.