Description
This article describes the steps to troubleshoot when SNMP is not delivering interface state information from SNMP manager.
Solution
1) Validate if the SNMP request is coming to FortiGate from SNMP manager using the following command:
# diagnose sniffer packet any 'port 161 or port 162' 4 0 a
interfaces=[any]
filters=[port 161]
3.679096 port3 in 192.168.23.24.46930 -> 192.168.23.50.161: udp 46
3.688234 port3 out 192.168.23.50.161 -> 192.168.23.24.46930: udp 48
3.689097 port3 in 192.168.23.24.46930 -> 192.168.23.50.161: udp 47
3.697379 port3 out 192.168.23.50.161 -> 192.168.23.24.46930: udp 48
3.698524 port3 in 192.168.23.24.46930 -> 192.168.23.50.161: udp 47
3.702318 port3 out 192.168.23.50.161 -> 192.168.23.24.46930: udp 48
3.703162 port3 in 192.168.23.24.46930 -> 192.168.23.50.161: udp 47
3.708267 port3 out 192.168.23.50.161 -> 192.168.23.24.46930: udp 48
For wireshark convertible capture, use this:
# diagnose sniffer packet any 'port 161 or port 162' 6 0 a
2) Collect logs on FortiGate to validate SNMP request using following commands:
# diag debug enable
# diag debug application snmp -1
# diagnose debug crashlog write SNMP
# diag debug crashlog read
3) If for any reason the interface status is not displayed, restart SNMP process using the following command:
# diagnose test application snmpd 99
snmpd: received debug test signal
restarting snmp daemon
snmpd: creating community=fortinet
snmpd: community: fortinet mask: 9e9ff9f37f
snmpd: creating community=FortiManager
snmpd: community: FortiManager mask: 7fffffffffffffff
snmpd: set mac_host_timeout as 300
4) Validate the SNMP interface status from SNMP manager.
snmpwalk -v2c -c fortinet 192.168.23.50 1.3.6.1.2.1.2.2.1.7
iso.3.6.1.2.1.2.2.1.7.1 = INTEGER: 2
iso.3.6.1.2.1.2.2.1.7.2 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.3 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.4 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.5 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.6 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.7 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.8 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.9 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.10 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.11 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.7.12 = INTEGER: 2
Note:
INTEGER 1: UP.
INTEGER 2: DOWN.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.