afiroz
Staff
Article Id 339741
Description This article describes how to monitor the status of the IPsec phase 1 tunnel.
Scope FortiGate.
Solution Only the status of the individual phase 2 tunnels can be monitored. There is no option to monitor only the status of the Phase 1 tunnel using SNMP.

As per the current design, the kernel no longer sends any carrier on/off netlink events for IPsec interfaces when an SA is added or the last SA is removed; instead, the carrier state stays on.
If SNMP is monitoring this carrier flag and reporting it through ifOperStatus, that would explain the current behavior. ifOperStatus is therefore not a reliable indicator of tunnel state; it is better to monitor tunnel state using the VPN-specific OIDs for tunnel status and SA counts.

Refer to the following article to monitor the IPsec tunnel (Phase 2) status via SNMP by using the combination of Phase 1 and Phase 2 serial indicators:
Technical Tip: How to monitor the individual VPN tunnel by SNMP (OID)
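
One way to act on this, as an added example that is not from the original article: a Python parser that takes numeric `snmpwalk -On` output of the VPN tunnel table and groups Phase 2 status by Phase 1 name, ignoring ifOperStatus. The table OID, column numbers and status values are assumptions based on FORTINET-FORTIGATE-MIB (fgVpnTunTable), and the sample output and tunnel names are constructed.

```python
import re
from collections import defaultdict

# Assumption: fgVpnTunTable entry columns from FORTINET-FORTIGATE-MIB; confirm
# against the MIB file that matches your FortiOS version.
TABLE = "1.3.6.1.4.1.12356.101.12.2.2.1"
COLUMNS = {"2": "phase1", "3": "phase2", "20": "status"}  # status: 1=down, 2=up
LINE = re.compile(r"^\.?" + re.escape(TABLE) + r"\.(\d+)\.([\d.]+)\s*=\s*\w+:\s*(.*)$")

def parse_walk(text):
    """Return {row_index: {"phase1": ..., "phase2": ..., "status": ...}}."""
    rows = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) in COLUMNS:  # other OIDs and columns are skipped
            rows[m.group(2)][COLUMNS[m.group(1)]] = m.group(3).strip().strip('"')
    return dict(rows)

def summarize(text):
    """Group Phase 2 selectors by Phase 1 name, split into up and down."""
    summary = defaultdict(lambda: {"up": [], "down": []})
    for row in parse_walk(text).values():
        if {"phase1", "phase2", "status"} <= row.keys():
            # Accept both "2" and "up(2)" (MIB loaded) renderings.
            code = re.search(r"\d+", row["status"])
            state = "up" if code and code.group() == "2" else "down"
            summary[row["phase1"]][state].append(row["phase2"])
    return dict(summary)

# Constructed sample, not captured from a device. The first line is an
# ifOperStatus value (1 = up) that stays up regardless of SA state.
SAMPLE = """\
.1.3.6.1.2.1.2.2.1.8.12 = INTEGER: 1
.1.3.6.1.4.1.12356.101.12.2.2.1.2.1 = STRING: "to-branch"
.1.3.6.1.4.1.12356.101.12.2.2.1.2.2 = STRING: "to-branch"
.1.3.6.1.4.1.12356.101.12.2.2.1.2.3 = STRING: "to-dc"
.1.3.6.1.4.1.12356.101.12.2.2.1.3.1 = STRING: "net-a"
.1.3.6.1.4.1.12356.101.12.2.2.1.3.2 = STRING: "net-b"
.1.3.6.1.4.1.12356.101.12.2.2.1.3.3 = STRING: "servers"
.1.3.6.1.4.1.12356.101.12.2.2.1.20.1 = INTEGER: 2
.1.3.6.1.4.1.12356.101.12.2.2.1.20.2 = INTEGER: 1
.1.3.6.1.4.1.12356.101.12.2.2.1.20.3 = INTEGER: 1
"""

if __name__ == "__main__":
    for name, state in summarize(SAMPLE).items():
        print(name, "up:", state["up"], "down:", state["down"])
```

A Phase 1 name whose `up` list is empty has no active Phase 2 SA, which is the condition to alert on even while the interface itself reports up.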