FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
dmillan
Staff
Staff
Description
This article describes the steps to troubleshoot when SNMP is not delivering interface state information from SNMP manager.

Solution
1) Validate if the SNMP request is coming to FortiGate from SNMP manager using the following command:
# diagnose sniffer packet any 'port 161' 4
interfaces=[any]
filters=[port 161]
3.679096 port3 in 192.168.23.24.46930 -> 192.168.23.50.161: udp 46
3.688234 port3 out 192.168.23.50.161 -> 192.168.23.24.46930: udp 48
3.689097 port3 in 192.168.23.24.46930 -> 192.168.23.50.161: udp 47
3.697379 port3 out 192.168.23.50.161 -> 192.168.23.24.46930: udp 48
3.698524 port3 in 192.168.23.24.46930 -> 192.168.23.50.161: udp 47
3.702318 port3 out 192.168.23.50.161 -> 192.168.23.24.46930: udp 48
3.703162 port3 in 192.168.23.24.46930 -> 192.168.23.50.161: udp 47
3.708267 port3 out 192.168.23.50.161 -> 192.168.23.24.46930: udp 48

2) Collect logs on FortiGate to validate SNMP request using following commands:
# diag debug enable
# diag debug application snmp -1
# diagnose debug crashlog write SNMP
# diag debug crashlog read 
3) If for any reason the interface status is not displayed, restart SNMP process using the following command:
# diagnose test application snmpd 99
snmpd: received debug test signal
restarting snmp daemon
snmpd: creating community=fortinet
snmpd: community: fortinet mask:       9e9ff9f37f
snmpd: creating community=FortiManager
snmpd: community: FortiManager mask: 7fffffffffffffff
snmpd: set mac_host_timeout as 300

4) Validate the SNMP interface status from SNMP manager.
snmpwalk -v2c -c fortinet 192.168.23.50 1.3.6.1.2.1.2.2.1.7
iso.3.6.1.2.1.2.2.1.7.1 = INTEGER: 2
iso.3.6.1.2.1.2.2.1.7.2 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.3 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.4 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.5 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.6 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.7 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.8 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.9 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.10 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.11 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.12 = INTEGER: 2
Note:

INTEGER 1: UP
INTEGER 2: DOWN


Contributors