FortiMonitor is a holistic, SaaS-based digital experience and network performance monitoring solution which combines monitoring, network incident management, automation, and network configuration management into a single source of truth
Article Id 222365

This article explains the 'Deduplication OIDs' used in FortiMonitor's SNMP trap handling.

Scope SNMP traps in FortiMonitor.

When traps are not followed by an all-clear sent by the device the trap originated from, FortiMonitor closes the trap incident after a preset time. This is usually half an hour.

The question of deduplication arises if one or more additional traps are sent with the same trap OID as another already active trap. Deduplication allows a deeper look to determine whether two traps that share an OID are truly identical.


How it works:


When an SNMP trap is sent, it carries a payload of objects that are defined in its OID description. The descriptions can be found and viewed at sites such as or

A 'deduplication OID' may be selected from the list of objects in a given trap type.

If an additional trap is sent while the trap is active and a deduplication OID is set, FortiMonitor will examine the selected object in the trap payload and compare whether its value is different from the value in the original trap. If it is identical, the new trap message is appended to the 'Timeline & Messages' of the existing trap incident. If the new object value is different, a new incident is generated instead.