FortiMonitor
FortiMonitor is a holistic, SaaS-based digital experience and network performance monitoring solution that combines monitoring, network incident management, automation, and network configuration management into a single source of truth.
Rahulv
Staff
Article Id 214781
Description

This document helps troubleshoot and isolate connectivity issues between an Onsight and a network device.

Scope

FortiMonitor, Onsight, Network Devices.
Solution

A few considerations about the network topology:

 

1) FortiGate and Onsight reside in different networks.

 

2) FortiGate's IP is 192.168.4.1 and Onsight's IP is 192.168.120.3.

 

The first step is to verify the connectivity from Onsight to FortiGate: 

 

- Run the 'ping' command from the Onsight host to the FortiGate to check the connectivity.

 

ping 192.168.4.1

 


 

- If the ping fails, run the 'traceroute' command from the host machine to check the path/hops between the Onsight and the FortiGate and isolate the connectivity issue.

 

# traceroute 192.168.4.1

 

- Once the connectivity is successful, run the 'nmap' command from Onsight to verify if port 161 (SNMP service) is 'open':

 

# sudo nmap -sU -p 161 192.168.4.1

 


 

- Once the connectivity and port check are confirmed between the Onsight and the FortiGate, apply captures to verify that the packet is leaving the Onsight correctly and then reaching the FortiGate.

 

The second step is to apply the captures on FortiGate and Onsight:

 

1) Applying capture on Onsight.

 

- To apply captures on Onsight, use the 'tcpdump' utility. The command is as follows:

 

tcpdump -A -w <capture name>.pcap -i <interface name> dst <destination IP>

 

- Below is an example of the actual command from Onsight.

 

tcpdump -A -w capture1.pcap -i ens160 dst 192.168.4.1

 

- Note: ens160 is the Onsight NIC interface, which might differ. It can be verified by running the command 'ifconfig'.

 

- To view the saved capture, run the command below:

 

tcpdump -r <capture name>.pcap

 

- In this example, it would be tcpdump -r capture1.pcap.

 

2) Applying captures on FortiGate:

 

- To apply captures on FortiGate, navigate to the CLI of FortiGate and run the command:

 

# dia sniffer packet any 'host <IP address> and port <port no>' 4 0

 

Example command:

 

# dia sniffer packet any 'host 192.168.120.3 and port 161' 4 0

 

- Once both the captures are applied, try onboarding the network device on FortiMonitor via SNMP and then view the captures to identify the issue.
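
To act on that last step, the added example below (not part of the original article) compares the text output of both captures and reports where the SNMP requests stop. It assumes the Onsight capture was dumped with 'tcpdump -nn -r capture1.pcap', that the FortiGate sniffer session was saved to a file, and that verbosity 4 lines have the shape of the constructed samples; `snmp_verdict`, `esc` and the file names are illustrative.

```shell
#!/bin/sh
# Added example: locate where SNMP polling breaks from the two captures' text.
ONSIGHT=192.168.120.3   # the article's Onsight IP
DEVICE=192.168.4.1      # the article's FortiGate IP

esc() { printf '%s' "$1" | sed 's/\./\\./g'; }   # escape dots for regex use

# snmp_verdict <onsight.txt> <fortigate.txt>
#   onsight.txt:   output of 'tcpdump -nn -r capture1.pcap'
#   fortigate.txt: saved output of the 'dia sniffer packet any ... 4 0' session
snmp_verdict() {
    on=$(esc "$ONSIGHT"); dev=$(esc "$DEVICE")
    # Requests leaving Onsight (without -nn the port prints as "snmp").
    sent=$(grep -Ec "IP $on\.[0-9]+ > $dev\.(161|snmp):" "$1" || true)
    # Requests arriving at the device: "<iface> in <src>.<port> -> <dst>.161:"
    seen=$(grep -Ec " in $on\.[0-9]+ -> $dev\.161:" "$2" || true)
    # Replies leaving the device: "<iface> out <dst>.161 -> <src>.<port>:"
    replied=$(grep -Ec " out $dev\.161 -> $on\.[0-9]+:" "$2" || true)

    if   [ "$sent" -eq 0 ];    then echo "no-request: Onsight sent nothing to $DEVICE:161"
    elif [ "$seen" -eq 0 ];    then echo "lost-in-path: $sent sent, none reached the device"
    elif [ "$replied" -eq 0 ]; then echo "no-reply: $seen received, device did not answer"
    else echo "ok: $seen received, $replied answered"
    fi
}

# Constructed sample captures (not real traffic).
tmp=$(mktemp -d)
cat > "$tmp/onsight.txt" <<'EOF'
10:15:01.100000 IP 192.168.120.3.51514 > 192.168.4.1.161:  GetRequest(28)  .1.3.6.1.2.1.1.1.0
10:15:06.100000 IP 192.168.120.3.51514 > 192.168.4.1.161:  GetRequest(28)  .1.3.6.1.2.1.1.1.0
EOF
cat > "$tmp/fgt_silent.txt" <<'EOF'
interfaces=[any]
filters=[host 192.168.120.3 and port 161]
3.251650 port2 in 192.168.120.3.51514 -> 192.168.4.1.161: udp 43
8.251701 port2 in 192.168.120.3.51514 -> 192.168.4.1.161: udp 43
EOF
: > "$tmp/fgt_empty.txt"   # sniffer ran but matched nothing
snmp_verdict "$tmp/onsight.txt" "$tmp/fgt_silent.txt"
snmp_verdict "$tmp/onsight.txt" "$tmp/fgt_empty.txt"
```

Because the Onsight capture filter is 'dst 192.168.4.1', that file holds only outgoing requests, so replies are judged from the FortiGate side.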

 

Note: For this document, FortiGate is used as the network device. To apply the captures on a non-Fortinet network device, refer to the vendor guide and then apply the captures.
