This document helps troubleshoot and isolate connectivity issues between our Onsight and a network device.
Scope: FortiMonitor, Onsight, Network Devices.
A few considerations about the network topology:
1) FortiGate and Onsight reside in different networks.
2) FortiGate's IP is 192.168.4.1 and Onsight's IP is 192.168.120.3.
The first step is to verify the connectivity from Onsight to FortiGate:
- Run the 'ping' command from the Onsight host to the FortiGate to check the connectivity.
- If the ping fails, run the 'traceroute' command from the host machine to check the path/hops between the Onsight and the FortiGate and isolate the connectivity issue.
# traceroute 192.168.4.1
- Once the connectivity is successful, run the 'nmap' command from Onsight to verify if port 161 (SNMP service) is 'open':
# sudo nmap -sU -p 161 192.168.4.1
- Once the connectivity and port check are confirmed between the Onsight and FortiGate, we can apply captures to verify that the packet is exiting Onsight correctly and then reaching the FortiGate.
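The first step as one script, with the nmap result for 161/udp read out and mapped to the next action. This is an added example, not part of the original article; the function names, the `--live` switch and the sample nmap output are constructed for illustration. A UDP scan reports 'open' only when the SNMP agent replies to the probe, so 'open|filtered' is a common result and is settled by the captures in the second step.

```shell
#!/bin/sh
# Added example (not from the original article): triage for the first step.
TARGET="${TARGET:-192.168.4.1}"   # FortiGate IP used in this article

# Print the state nmap reported for 161/udp, reading nmap output on stdin.
snmp_port_state() {
    awk '$1 == "161/udp" { print $2; found = 1 }
         END { if (!found) print "no-result" }'
}

# Map an nmap UDP port state to the next troubleshooting action.
next_action() {
    case "$1" in
        open)            echo "SNMP agent replied; proceed to the captures" ;;
        "open|filtered") echo "no reply to the probe; confirm with tcpdump and the FortiGate sniffer" ;;
        closed)          echo "ICMP port unreachable returned; nothing is listening on UDP 161" ;;
        filtered)        echo "probe rejected in the path; check filtering between the two networks" ;;
        *)               echo "no port result; re-check ping and traceroute" ;;
    esac
}

# Live run: ping, traceroute on failure, then the UDP 161 check.
run_checks() {
    if ! ping -c 3 "$TARGET" >/dev/null 2>&1; then
        echo "ping: failed, tracing the path"
        traceroute "$TARGET"
        return 1
    fi
    state=$(sudo nmap -sU -p 161 "$TARGET" | snmp_port_state)
    echo "161/udp: $state -> $(next_action "$state")"
}

# Constructed sample of nmap output, used when --live is not given.
SAMPLE='PORT    STATE         SERVICE
161/udp open|filtered snmp'

if [ "${1:-}" = "--live" ]; then
    run_checks
else
    state=$(printf '%s\n' "$SAMPLE" | snmp_port_state)
    echo "sample 161/udp: $state -> $(next_action "$state")"
fi
```

Run it with `--live` on the Onsight host to execute the real checks; without arguments it only parses the embedded sample.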
The second step is to apply the captures on FortiGate and Onsight:
1) Applying capture on Onsight.
- To apply captures on Onsight, use the 'tcpdump' utility. The command is as follows:
tcpdump -A -w <capture name>.pcap -i <interface name> dst <destination IP>
- Below is an example of the actual command from Onsight.
tcpdump -A -w capture1.pcap -i ens160 dst 192.168.4.1
- Note: ens160 is the Onsight NIC interface, which might differ. It can be verified by running the command 'ifconfig'.
- To view the TCP dump, run the below command:
tcpdump -r <capture name>
- In this example, it would be tcpdump -r capture1.pcap.
2) Applying captures on FortiGate:
- To apply captures on FortiGate, navigate to the CLI of FortiGate and run the command:
# dia sniffer packet any 'host <IP address> and port <port no>' 4 0
# dia sniffer packet any 'host 192.168.120.3 and port 161' 4 0
- Once both the captures are applied, try onboarding the network device on FortiMonitor via SNMP and then view the captures to identify the issue.
Note: For this document, FortiGate is used as a network device. To apply the captures to the non-Fortinet network device, refer to the vendor guide and then apply the captures.
Copyright 2023 Fortinet, Inc. All Rights Reserved.