Created on 08-13-2024 05:01 AM Edited on 08-13-2024 06:47 AM By Stephen_G
Description
This article provides a go-to point for troubleshooting all SNMP issues that may occur with polling information from FortiGate, sorted by issue type.
This article does not focus on SNMP traps.
Scope
FortiOS.
Solution
General setup guide (make sure setup is performed correctly before taking any other troubleshooting steps):
Technical Tip: How to Configure FortiGate SNMP Agent for Monitoring
No reply to SNMP (at all, or only on one interface/VDOM/unit):
- Check if SNMP access is enabled on the interface where the request is received.
- Check if the IP of the polling server is added to the trusted hosts (as well as in the admin user's trusted hosts, if trusted hosts are used): Troubleshooting Tip: Troubleshooting SNMP query failure from the SNMP manager to the firewall.
- Check that the SNMP agent is enabled and configured.
- Check the community name for special characters. See Troubleshooting Tip: SNMP connection failed due to special character.
- Ensure any local-in policies are configured correctly.
- Check if the SNMP request is reaching the expected interface/VLAN/VDOM (diag sniffer packet any "port 161" 4 0).
- Check if the community is matched (diag debug app snmpd -1 / diag debug enable).
- If the traffic is crossing more than one VDOM, make sure the SNMP is configured for multi-VDOM, and policies exist.
- In HA mode: check if HA-direct is enabled:
- Check for a community mismatch when the SNMP is only set up to send traps: Technical Tip: SNMP failed to specific host when host set to trap only
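The following FortiOS CLI sequence is an added example (not part of the original article) that walks through the "no reply" checks above in the order they are listed: interface access, agent status, trusted host of the community, HA-direct, and finally sniffer plus snmpd debug. The interface name port1, the polling server 192.0.2.10, the community name fortinet, and a single-VDOM unit are assumed values; substitute your own.

```text
# Added example, not from the original article. Assumed values:
# interface port1, SNMP manager 192.0.2.10, community "fortinet", VDOM mode disabled.

# 1. SNMP must be in the allowaccess list of the interface that receives the poll.
show system interface port1
config system interface
    edit "port1"
        append allowaccess snmp
    next
end

# 2. The SNMP agent itself must be enabled.
show system snmp sysinfo
config system snmp sysinfo
    set status enable
end

# 3. The poller must be a trusted host of the community it uses
#    (a /32 mask restricts the entry to that single manager).
show system snmp community
config system snmp community
    edit 1
        set name "fortinet"
        config hosts
            edit 1
                set ip 192.0.2.10 255.255.255.255
            next
        end
    next
end

# 4. HA cluster polled through the reserved management interface: enable ha-direct.
config system ha
    set ha-direct enable
end

# 5. Confirm the request arrives and the community matches: sniff port 161
#    and run the snmpd debug while the manager repeats the poll.
diagnose sniffer packet any "port 161" 4 0 l
diagnose debug application snmpd -1
diagnose debug enable
# ... reproduce the poll from 192.0.2.10, then stop the debug:
diagnose debug disable
diagnose debug reset
```

If the sniffer in step 5 shows no packets at all, the problem is upstream of the FortiGate (routing, an intermediate firewall, or the wrong destination IP); if packets are seen but snmpd reports no matching community or host, steps 1 to 3 are where the mismatch lies.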
Only some OIDs are not working, or return unexpected values:
- Make sure the most recent MIBs are used in the monitoring tool:
- Check the output matches the output from specific diagnostic commands.
If all of the above matches, make sure the latest available FortiOS version is installed and then open a support case to investigate.
SNMPD crashes (depending on the type):
- The crashlog can be seen in 'diag debug crashlog read'.
- Signal 6: make sure all interface indexes are unique. Check as described here: Technical Tip: Watchdog Timeout / Application Crash snmpd (signal 6) abort.
- Signal 11 can be triggered manually by a user or by FortiOS. When triggered by FortiOS, it is most often a consequence of conserve mode.
For the other cases, contact TAC support for help with troubleshooting. Collect the SNMP debug output (from diag debug app snmpd -1 and diag debug ena) while reproducing the crash.
Troubleshooting actions on FortiGate (after all the above fails):
- Gracefully restart snmpd:
diagnose test application snmpd 99
Debugging (if enabled) will display the following:
diagnose test application snmpd 99
snmpd: received debug test signal
restarting snmp daemon
snmpd: creating community=fortinet
snmpd: community: fortinet mask: 9e9ff9f37f
snmpd: creating community=FortiManager
snmpd: community: FortiManager mask: 7fffffffffffffff
snmpd: set mac_host_timeout as 300
- Alternatively, forcefully restart snmpd:
diag sys process pidof snmpd <- Will return the process ID of snmpd to use
diag sys kill 11 <pid#>
See Technical Tip: Find and restart/kill a process on a FortiGate by the process ID (PID) via pidof.
Afterwards, snmpd will show a new process ID, and the crashlog will show 'signal 11' sent by the user to snmpd.
- Check the packet capture to ensure packets are seen/received by FortiGate.
- Check the debug flow for the SNMP request to determine if it is passed or blocked.
- Check if the SNMP port is used/open on FortiGate: diag sys udpsock | grep 161
See Technical Tip: SNMP process is not listening.
- Check the output of the snmpd -1 debug: if the request is not blocked by interface or other security checks, the output will provide the reason for the failure.
Other related articles: