Created on 06-29-2007 12:00 AM Edited on 03-04-2024 12:19 PM By slovepreet
Article
Components | FortiGate HA Clusters running FortiOS 4.00 MR3, 5.0.x and 6.0.x |
Description |
You can use SNMP to manage a cluster by configuring a cluster interface for SNMP administrative access. Using an SNMP manager you can get cluster configuration and status information and receive traps. Configuring SNMP for a cluster is done in the same way as configuring SNMP for a standalone FortiGate unit. SNMP configuration changes made to the cluster are shared by all cluster units. This article also describes how to use a special community name with to get configuration and status information for any cluster unit (including subordinate units, also called slave units).
|
SNMP get command for the primary unit |
Normally, to get a configuration and status information for a standalone FortiGate unit or for a primary unit, an SNMP manager would use an SNMP get command to get the information in a MIB field. The SNMP get command syntax would be similar to the following: snmpget -v2c -c <community_name> <address_ipv4> <OID>
The following SNMP example command gets the HA status table for the primary unit. snmpget -v2c -c public 10.10.10.1 1.3.6.1.4.1.12356.1.100.6
snmpget -v2c -c public 10.10.10.1 1.3.6.1.4.1.12356.101.13.2.1 The community name is
|
SNMP get command for any cluster unit |
To get configuration status information for a specific cluster unit (for the primary unit or for any subordinate unit), the SNMP manager must add the serial number of the cluster unit to the SNMP get command after the community name. The community name and the serial number are separated with a dash. The syntax for this SNMP get command is: snmpget -v2c -c <community_name>-<fgt_serial> <address_ipv4> <OID>
If the serial number matches the serial number of a subordinate unit, the SNMP get request is sent over the HA heartbeat link to the subordinate unit. After processing the request, the subordinate unit sends the reply back over the HA heartbeat link back to the primary unit. The primary unit then forwards the response back to the SNMP manager. If the serial number matches the serial number of the primary unit, the SNMP get request is processed by the primary unit. You can actually add a serial number to the commuity name of any SNMP get request. But normally you only need to do this for getting information from a subordiate unit. To get the HA status table for a subordinate unit: The following SNMP get command gets the HA status table for a subordinate unit in a FortiGate-5001SX cluster.
snmpget -v2c -c public-FG50012205-----0 10.10.10.1 1.3.6.1.4.1.12356.1.100.6
The subordinate unit has serial number FG50012205-----0. FortiGate SNMP recognizes the community name with syntax |
Getting serial numbers for all the units in a cluster |
To be able to use the SNMP get command to display system information for any cluster unit you need to know each cluster unit serial number. If you do not have the serial numbers available, you can use the following SNMP command syntax to get all cluster unit serial numbers through fnHaStatsSerial MIB OID or its numerical OID The following SNMP get command uses the MIB field name to get all cluster unit serial numbers. IP address of the FortiGate HA Master being 10.10.10.1.
snmpwalk -v2c -c public 10.10.10.1 fnHaStatsSerial .1.3.6.1.4.1.12356.1.100.6.1.2.1 = STRING: "FG50012205-----2" For version 6.0.x: snmpwalk -v2c -c public 10.10.10.1 fgHaStatsSerial .1.3.6.1.4.1.12356.101.13.2.1.1.2.1 = STRING: "FGVM020000-----6"
|
Related Articles
Where to find the MIB files for FortiGate units - FortiOS MIBs download location
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.