FortiGate
AlexC-FTNT
Staff
Article Id 332647
Description

 

This article provides a go-to point for troubleshooting all SNMP issues that may occur with polling information from FortiGate, sorted by issue type.
This article does not focus on SNMP traps.

 

Scope

 

FortiOS.

 

Solution

 

General setup guide (make sure setup is performed correctly before taking any other troubleshooting steps):

Technical Tip: How to Configure FortiGate SNMP Agent for Monitoring

 

No reply to SNMP (at all, or only on one interface/VDOM/unit):

 

Only some OIDs are not working, or return unexpected values:

If all of the above is matched, make sure to have the latest FortiOS version available and then open a support case to investigate.

 

SNMPD crashes (depending on the type):

For the other cases, contact TAC support for help with troubleshooting. Collect the SNMP debug output (from diag debug app snmpd -1 and diag debug ena) while reproducing the crash.

 

Troubleshooting actions on FortiGate (after all the above fails):

  • Gracefully restart snmpd:

diagnose test application snmpd 99

           

Debugging (if enabled) will display the following:
diagnose test application snmpd 99

snmpd: received debug test signal
restarting snmp daemon
snmpd: creating community=fortinet
snmpd: community: fortinet mask:       9e9ff9f37f
snmpd: creating community=FortiManager
snmpd: community: FortiManager mask: 7fffffffffffffff
snmpd: set mac_host_timeout as 300

 

  • Alternatively, forcefully restart snmpd:

diag sys process pidof snmpd <- Will return the process ID of snmpd to use
diag sys kill 11 <pid#>

See Technical Tip: Find and restart/kill a process on a FortiGate by the process ID (PID) via pidof.

After the restart, snmpd will show a different process ID, and the crashlog will show 'signal 11' sent by the user to snmpd.

 

  • Check the packet capture to ensure packets are seen/received by FortiGate.
  • Check the debug flow for the SNMP request to determine if it is passed or blocked.
  • Check if the SNMP port is used/open on FortiGate: diag sys udpsock | grep 161 
    Technical Tip: SNMP process is not listening
  • Check the output of snmpd -1 debug: if the request is not blocked by interface or other security checks, the output will provide the reason for failure.
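
The checks in the list above, run in order from the FortiGate CLI, as an added example that is not part of the original article. 192.0.2.10 is a placeholder for the SNMP manager's address, and the lines starting with # are annotations, not commands.

```fortios
# 1. Packet capture: does the SNMP request reach FortiGate, and is a reply sent?
#    (4 = print the interface name, 0 = no packet limit, l = local timestamps)
diagnose sniffer packet any 'host 192.0.2.10 and udp port 161' 4 0 l
#    Stop with Ctrl+C.
#    Requests but no replies: continue with step 2.
#    No requests at all: the problem is upstream of FortiGate.

# 2. Debug flow: is the request handed to the local SNMP agent or dropped?
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter addr 192.0.2.10
diagnose debug flow filter proto 17
diagnose debug flow filter port 161
diagnose debug flow trace start 10
diagnose debug enable
#    Poll from the manager now, then stop the trace:
diagnose debug flow trace stop
diagnose debug disable

# 3. Socket check: is anything listening on UDP 161?
diagnose sys udpsock | grep 161

# 4. snmpd debug: why does the agent reject or fail the request?
diagnose debug application snmpd -1
diagnose debug enable
#    Poll again, read the reason printed by snmpd, then clean up:
diagnose debug disable
diagnose debug reset
```

The snmpd debug prints community names in clear text, as the restart output earlier in this article shows, so treat captured output as sensitive before attaching it to a support case.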

 
