adhawan
Staff
Article Id 256658

Description

 

This article describes a way to troubleshoot SNMP traps that are not sent by the FortiGate.

 

Scope

 

FortiGate.

 

Solution

 

To verify if the SNMP port 161 is in use by FortiGate, use the following command to show a corresponding entry:

 

diag sys udpsock | grep 161

0.0.0.0:2668->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90161112 process=337/dnsproxy

 

In this case, the match on 161 is a coincidence: the string appears inside the inode number (inode=90161112), not as a port in the address field (x.x.x.x:161). The output above therefore shows that port 161 is closed (in the current VDOM).

Possible cause: 'ha-direct' may be enabled on the SNMP user / community.

 

For SNMPv2:

 

config system snmp sysinfo
    set status enable
    set description "Dublin"
    set contact-info "fortinet@example.com"
    set location "Dublin, Ireland"
end

config system snmp community
    edit 2
        set name "Enter here the Community name"
        config hosts
            edit 1
                set ip 10.5.6.100 255.255.255.255
                set ha-direct disable
            next
        end
        set query-v1-status disable
        set trap-v1-status enable
        set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open temperature-high voltage-alert power-supply-failure faz-disconnect wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down load-balance-real-server-down device-new per-cpu-high dhcp pool-usage ospf-nbr-state-change ospf-virtnbr-state-change
    next
end

 

To verify that the SNMP process is listening again, run the same command:

 

diag sys udpsock | grep 161

x.x.x.x:161->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90220553 process=19744/snmpd <- Port 161 is in use.

0.0.0.0:2668->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90161112 process=337/dnsproxy
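The check above depends on telling a real port match from a substring match such as the inode number. The following is an added example, not part of the original article and not Fortinet code: it parses saved `diag sys udpsock` output and reports a listener only when 161 is the local port. The function names are hypothetical, and the local address on the sample snmpd line is constructed.

```python
import re

# Layout of one `diag sys udpsock` line as shown in this article:
# <local_ip>:<local_port>-><remote_ip>:<remote_port> state= ... inode=N process=PID/NAME
SOCK_RE = re.compile(
    r"^\s*(?P<lip>[^\s>]+):(?P<lport>\d+)->"
    r"(?P<rip>[^\s>]+):(?P<rport>\d+)\s"
    r".*?\bprocess=(?P<pid>\d+)/(?P<name>\S+)"
)

# Output from the article while SNMP was not listening.
BEFORE = (
    "0.0.0.0:2668->0.0.0.0:0 state= txq=0 rxq=0 uid=0 "
    "inode=90161112 process=337/dnsproxy\n"
)
# Constructed sample: the snmpd line's local address (0.0.0.0:161) is assumed.
AFTER = (
    "0.0.0.0:161->0.0.0.0:0 state= txq=0 rxq=0 uid=0 "
    "inode=90220553 process=19744/snmpd\n"
) + BEFORE


def parse_udpsock(text):
    """Return one dict per line that matches the socket layout."""
    socks = []
    for line in text.splitlines():
        m = SOCK_RE.match(line)
        if m:
            socks.append({
                "local_ip": m["lip"],
                "local_port": int(m["lport"]),
                "pid": int(m["pid"]),
                "process": m["name"],
            })
    return socks


def listeners_on(text, port):
    """Sockets whose local port equals `port` (field match, not substring)."""
    return [s for s in parse_udpsock(text) if s["local_port"] == port]


def substring_hits(text, needle):
    """Lines a plain `grep <needle>` would return, including false positives."""
    return [line for line in text.splitlines() if needle in line]


if __name__ == "__main__":
    print("grep-style hits before fix:", len(substring_hits(BEFORE, "161")))
    print("real listeners before fix:", listeners_on(BEFORE, 161))
    print("real listeners after fix: ", listeners_on(AFTER, 161))
```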

 

Related article:

Technical Tip: View which ports are actively open and in use by FortiGate