FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
cskuan
Staff
Staff
Article Id 198520

Description

 

This article describes how to find and set the correct OID to monitor each interface state with SNMP polling.

 

Scope

 

FortiGate.


Solution


FortiGate system resources and other statuses can be monitored with SNMP polling. An OID (Object Identifier Value) is an address used to identify a particular device and its status. Each device has a unique OID which can be used to track the performance and status of that particular device.

 

Download the FortiGate both MIB files under SNMP. Once download the MIB files we need to search for the OID number in the files:

Technical Tip: How to get and troubleshoot MIBs and OIDs from SNMP


To check a device's OID:

 

  1. Install any MIB browser (iReasoning was used as an example in this article).
  2.  Use the MIB browser to load the FortiGate MIB file to find the OID for the status of the interface.
 
 
1.3.6.1.2.1.2.2.1.8(ifOperStatus) is the OID used to check the interface's status.

A FortiGate can have multiple interfaces. To monitor a specific interface, use the OID 1.3.6.1.2.1.2.2.1.8.x, where the 'x' is the snmp-index number for that specific interface.
To check the SNMP-index number of the interface, issue the command 'show system interface' and check the output. For example:

config system interface
    edit "1-A10"
        set vdom "root"
        set type physical
        set snmp-index 10 <-
    next
end
 
The correct OID for 1-A10 will be 1.3.6.1.2.1.2.2.1.8.10.
 
Note:
OID .1.3.6.1.2.1.2.2.1.8.X (ifOperStatus) refers only to the physical interface and subinterface status.
It should not be used for checking the VPN interface status.
 
The reason is clarified in this article:
 
A separate OID exists for checking the VPN interface status: 1.3.6.1.4.1.12356.101.12.2.2.1.20 (fgVpnTunEntStatus).

Another option to find the OID is to connect the iReasoning MIB browser with the FortiGate. Below are the steps to do it:

 

  1. Create SNMP Agent and SNMP Community on the FortiGate after going to System -> SNMP -> Create New (under SNMPv1/v2c):

 

2.jpg

 

1.jpg

 

  1. Add the management IP address of the FortiGate on the 'Address' field of the iReasoning MIB Browser and configure the 'Advanced Properties of SNMP Agent' as below:

 

3.jpg

 

  1. Choose the operation in the 'Operations' field and select 'Go' and will be generated the list of all OIDs. To get the OID, just select a name on the list and the OID will appear on top:

 

4.jpg

 

Related article:

Technical Tip: SNMP Charting with PRTG.