amatos
Staff
Article Id 348420
Description This article describes an issue where an snmpwalk or any other SNMP v3 query times out even though the parameters are correct. So far, this has only been observed in FortiGate HA clusters running firmware version 7.6.0.
Scope FortiGate.
Solution

When a user queries a FortiGate HA cluster running 7.6.0 using SNMP v3, the query can time out with the message 'timeout: no response from fortigate_ip':

[Screenshot: SNMP v3 test on 7.6]

However, the same query against FortiOS 7.4 works properly:

[Screenshot: SNMP v3 test on 7.4]

The query is sent to the HA management interface with ha-direct enabled; in 7.6.0, neither unit can be queried. The FortiGate HA and SNMP configuration is simple, as shown below:

HA configuration:

config system ha
    set group-name "AzureHA"
    set mode a-p
    set hbdev "port3" 100
    set session-pickup enable
    set session-pickup-connectionless enable
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port4"
            set gateway 172.16.64.193
        next
    end
    set override disable
    set priority 1
    set unicast-hb enable
    set unicast-hb-peerip 172.16.64.132
end

SNMP configuration:

config system snmp user
    edit "Alan"
        set notify-hosts ip_querier
        set ha-direct enable
        set security-level auth-no-priv
        set auth-proto sha256
        set auth-pwd password
    next
end

SNMP is enabled on port4, the HA management interface:

config system interface
    edit "port4"
        set vdom "root"
        set ip 172.16.64.196 255.255.255.192
        set allowaccess ping https ssh snmp ftm
        set type physical
        set description "hammgmtport"
        set snmp-index 4
    next
end

Workarounds:

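  1. Downgrade to 7.4.5. The R&D team has acknowledged the issue, and it only occurs in version 7.6.0.
  2. Upgrade to 7.6.1 when it is released; the fix will be included in that version.
  3. Use SNMP v2 or v1 instead. SNMP v1 and v2c rely on a community string sent in cleartext, so limit them to the dedicated management network and trusted querying hosts until SNMP v3 can be used again.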
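
The symptom and the third workaround together give a quick triage: on an affected 7.6.0 cluster an SNMP v3 query times out while v2c still answers on the same HA management IP. The script below is an added example (not part of the original article) that applies this check per unit. It assumes net-snmp is installed on the querying host and a v2c community is configured; the variable names are placeholders.

```shell
#!/usr/bin/env bash
# Added example: triage an SNMP v3 timeout on a FortiGate HA management IP.
# Assumes net-snmp's snmpget on the querying host. FGT_MGMT_IPS, SNMP_USER,
# SNMP_AUTH_PWD and SNMP_COMMUNITY are placeholder variable names.
OID=1.3.6.1.2.1.1.1.0   # sysDescr.0

# Map snmpget output (stdout+stderr) to a status keyword.
classify_snmp() {
  local out
  out=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$out" in
    *"timeout: no response"*)   echo timeout ;;
    *"authentication failure"*) echo auth_failure ;;
    *"unknown user name"*)      echo unknown_user ;;
    *"sysdescr"*|*".3.6.1.2.1.1.1.0 = "*) echo ok ;;
    *)                          echo other ;;
  esac
}

# Combine the v3 and v2c status for one cluster member.
verdict() {
  case "$1:$2" in
    ok:*)                          echo v3-working ;;
    timeout:ok)                    echo matches-known-issue ;;
    timeout:timeout)               echo check-reachability ;;
    auth_failure:*|unknown_user:*) echo check-credentials ;;
    *)                             echo inconclusive ;;
  esac
}

probe() {  # $1 = HA management IP of one unit
  local v3 v2
  # -A on the command line is visible in the process list; snmp.conf is safer.
  v3=$(snmpget -v3 -l authNoPriv -u "$SNMP_USER" -a SHA-256 -A "$SNMP_AUTH_PWD" \
       -t 2 -r 1 "$1" "$OID" 2>&1) || true
  v2=$(snmpget -v2c -c "$SNMP_COMMUNITY" -t 2 -r 1 "$1" "$OID" 2>&1) || true
  echo "$1 $(verdict "$(classify_snmp "$v3")" "$(classify_snmp "$v2")")"
}

# Probes run only when FGT_MGMT_IPS is set, e.g. "172.16.64.196 <peer mgmt IP>".
if [ -n "${FGT_MGMT_IPS:-}" ]; then
  for ip in $FGT_MGMT_IPS; do probe "$ip"; done
fi
```

A result of check-reachability (both versions time out) points to routing, allowaccess, or a wrong v2c community rather than to this issue.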