FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssriswadpong
Staff
Staff
Article Id 199930
Description This article describes OID for monitoring IPsec tunnel status
Scope  
Solution

IPsec tunnel status can be monitored by OID. 1.3.6.1.4.1.12356.101.12.2.2.1.20 (fgVpnTunEntStatus). 

 

The is INTEGER: 1 means tunnel down and INTEGER: 2 means tunnel up.

 

Below are all the SNMP OIDs related to IPsec VPN: tunnelsfgVpnTunEntSelectorSrcPort 1.3.6.1.4.1.12356.101.12.2.2.1.10
fgVpnTunEntSelectorDstBeginIp 1.3.6.1.4.1.12356.101.12.2.2.1.11
fgVpnTunEntSelectorDstEndIp 1.3.6.1.4.1.12356.101.12.2.2.1.12
fgVpnTunEntSelectorDstPort 1.3.6.1.4.1.12356.101.12.2.2.1.13
fgVpnTunEntSelectorProto 1.3.6.1.4.1.12356.101.12.2.2.1.14
fgVpnTunEntLifeSecs 1.3.6.1.4.1.12356.101.12.2.2.1.15
fgVpnTunEntLifeBytes 1.3.6.1.4.1.12356.101.12.2.2.1.16
fgVpnTunEntTimeout 1.3.6.1.4.1.12356.101.12.2.2.1.17
fgVpnTunEntInOctets 1.3.6.1.4.1.12356.101.12.2.2.1.18
fgVpnTunEntOutOctets 1.3.6.1.4.1.12356.101.12.2.2.1.19
fgVpnTunEntPhase1Name 1.3.6.1.4.1.12356.101.12.2.2.1.2
fgVpnTunEntStatus 1.3.6.1.4.1.12356.101.12.2.2.1.20
fgVpnTunEntVdom 1.3.6.1.4.1.12356.101.12.2.2.1.21
fgVpnTunEntPhase2Name 1.3.6.1.4.1.12356.101.12.2.2.1.3
fgVpnTunEntRemGwyIp 1.3.6.1.4.1.12356.101.12.2.2.1.4
fgVpnTunEntRemGwyPort 1.3.6.1.4.1.12356.101.12.2.2.1.5
fgVpnTunEntLocGwyIp 1.3.6.1.4.1.12356.101.12.2.2.1.6
fgVpnTunEntLocGwyPort 1.3.6.1.4.1.12356.101.12.2.2.1.8
fgVpnTunEntSelectorSrcBeginIp 1.3.6.1.4.1.12356.101.12.2.2.1.8
fgVpnTunEntSelectorSrcEndIp 1.3.6.1.4.1.12356.101.12.2.2.1.9

 

The OID 1.3.6.1.4.1.12356.101.12.2.2.1.1 (fgVpnTunEntIndex) is not listed since FortiOS 6.2.3.


As per the current design for SNMP query, both phase1 serial and phase2 serial are used to be indexes for VPN Tunnel list.

So the original fgVpnTunEntIndex is not used anymore.