Description
A remote SNMP and FortiNDR manager can connect to the FortiGate agent to collect system information, but sometimes the manager is unable to reach the FortiGate IP address.
This article describes how to troubleshoot this issue.
Scope
SNMP and FortiNDR.
Solution
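Example output from troubleshooting. In the packet sniffer, ICMP echo requests from 192.168.0.2 arrive on port35 and no echo replies are sent: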
diagnose sniffer packet any 'host 192.168.0.2 and host 10.10.10.1' 4
interfaces=[any]
filters=[host 192.168.0.2 and host 10.10.10.1]
9.943524 port35 in 192.168.0.2 -> 10.10.10.1: icmp: echo request
14.845752 port35 in 192.168.0.2 -> 10.10.10.1: icmp: echo request
19.845647 port35 in 192.168.0.2 -> 10.10.10.1: icmp: echo request
24.845468 port35 in 192.168.0.2 -> 10.10.10.1: icmp: echo request
Debug flow output (the last line shows the packet being dropped by the local-in check):
2020-02-24 16:22:30 id=20085 trace_id=10101 func=print_pkt_detail line=4784 msg="vd-root received a packet(proto=1, 192.168.0.2:11->10.10.10.1:2048) from port35. type=8, code=0, id=11, seq=46900."
2020-02-24 16:22:30 id=20085 trace_id=10101 func=init_ip_session_common line=4935 msg="allocate a new session-31ab4266"
2020-02-24 16:22:30 id=20085 trace_id=10101 func=vf_ip_route_input_common line=2584 msg="find a route: flag=80000000 gw-10.10.10.1 via root"
2020-02-24 16:22:30 id=20085 trace_id=10101 func=fw_local_in_handler line=387 msg="iprope_in_check() check failed on policy 0, drop"
Verify 'Trusted Hosts' configuration:
Go to System -> Administrators in the web-based manager and select 'Restrict this Admin Login from Trusted Hosts Only'.
The trusted hosts apply to the web-based manager, SNMP, FortiNDR, and the CLI when accessed through SSH.
If it is enabled, add the SNMP and FortiNDR IP addresses as trusted hosts.
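The following is an added example, not part of the original article or of any Fortinet tooling: a Python sketch that groups saved debug flow lines by trace_id, picks out packets dropped by the local-in check, and lists the source addresses that fall outside a trusted host list. The debug lines are copied from the output above; the function names and the trusted host values used with them are assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Debug flow lines copied from the output shown earlier in this article.
SAMPLE = '''\
2020-02-24 16:22:30 id=20085 trace_id=10101 func=print_pkt_detail line=4784 msg="vd-root received a packet(proto=1, 192.168.0.2:11->10.10.10.1:2048) from port35. type=8, code=0, id=11, seq=46900."
2020-02-24 16:22:30 id=20085 trace_id=10101 func=init_ip_session_common line=4935 msg="allocate a new session-31ab4266"
2020-02-24 16:22:30 id=20085 trace_id=10101 func=vf_ip_route_input_common line=2584 msg="find a route: flag=80000000 gw-10.10.10.1 via root"
2020-02-24 16:22:30 id=20085 trace_id=10101 func=fw_local_in_handler line=387 msg="iprope_in_check() check failed on policy 0, drop"
'''

LINE_RE = re.compile(r'trace_id=(?P<trace>\d+) func=(?P<func>\S+) line=\d+ msg="(?P<msg>.*)"')
PKT_RE = re.compile(r'received a packet\(proto=(\d+), ([\d.]+):\d+->([\d.]+):\d+\) from (\S+?)\.')

def local_in_drops(text):
    """Return one dict per trace whose packet was dropped by the local-in check."""
    traces = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip anything that is not a debug flow line
        trace = traces[m['trace']]
        pkt = PKT_RE.search(m['msg'])
        if m['func'] == 'print_pkt_detail' and pkt:
            trace.update(proto=int(pkt[1]), src=pkt[2], dst=pkt[3], iface=pkt[4])
        elif m['func'] == 'fw_local_in_handler' and 'iprope_in_check() check failed' in m['msg']:
            trace['dropped'] = True
    return [dict(trace_id=tid, **t) for tid, t in traces.items()
            if t.get('dropped') and 'src' in t]

def untrusted_sources(drops, trusted_hosts):
    """Sources of dropped packets that match none of the trusted host entries."""
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_hosts]
    return sorted({d['src'] for d in drops
                   if not any(ipaddress.ip_address(d['src']) in n for n in nets)})

if __name__ == '__main__':
    drops = local_in_drops(SAMPLE)
    # Constructed trusted host list; replace with the values configured on the administrators.
    print(untrusted_sources(drops, ['192.168.1.0/24']))
```

An address reported here is a candidate to compare against the trusted hosts configured under System -> Administrators; the script reads saved output only and does not query the FortiGate.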