Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
funkylicious
SuperUser
SuperUser

FortiAuth - SNMP OID remaining tokens

Hi,


Hoping that someone could help in regards to the correct OID required to query FortiAuth-VM in order to get the number of FortiTokens available for usage, since the one I've found in a old forum post is not returning the correct value - https://community.fortinet.com/t5/Support-Forum/FortiAuthenticator-OIDs/td-p/228761

 

Upon querying, 1.3.6.1.4.1.12356.113.1.202.6.0 , I get a value of 244 which is more than the total amount of registered/available tokens in FAC-VM.

 

iso.3.6.1.4.1.12356.113.1.202.6.0 = INTEGER: 244

FortiToken Mobile

Used: 148Populated: 155Available: 7Disabled: 0

 

Using .1.3.6.1.4.1.12356.113.1.202.3.0 returns the correct amount of tokens since I also got 1 Yubikey registered (populated).

 

iso.3.6.1.4.1.12356.113.1.202.3.0 = INTEGER: 156

FortiToken Mobile / Yubikey Tokens

Used: 148Populated: 155Available: 7Disabled: 0
Used: 0Populated: 1Available: 1Disabled: 0


I am trying to create a plugin in the internal monitoring platform in order to have a view of this info w/o accesing the webUI.

 

Thanks.

"jack of all trades, master of none"
"jack of all trades, master of none"
2 Solutions
pminarik
Staff
Staff

"facFortiTokenCount" (.1.3.6.1.4.1.12356.113.1.202.3.0) = Number of FortiTokens (in general) that exist in the config on the unit.

"facFortiTokenRemaining" (.1.3.6.1.4.1.12356.113.1.202.6.0) = Number of tokens that can still be added before reaching the licensing limit.

 

Essentially, if you go to the GUI and into Authentication > User Management > FortiTokens, you will see  "<X> / <Y> FortiTokens" at the bottom of the page. This is <number of tokens> / <total possible number of tokens> (=max limit).

The OIDs are mapped as <X> = facFortiTokenCount, <Y> - <X> = facFortiTokenRemaining

 

As far as I can tell from skimming through the MIB file, there isn't an OID that will give out detailed usage counts of tokens (assigned/unassigned).

 

 

 

If I can offer an alternative, you can use the REST API to pull info about tokens, and filter for them by state.

https://docs.fortinet.com/document/fortiauthenticator/6.6.2/rest-api-solution-guide/875895/fortitoke...

[ corrections always welcome ]

View solution in original post

funkylicious

/api/v1/fortitokenmobilelicenses/ - returns the value that i'm looking for, I just need to parse the output

/api/v1/fortitokens/ - appears to return info about each token available for allocation.

"jack of all trades, master of none"

View solution in original post

"jack of all trades, master of none"
4 REPLIES 4
pminarik
Staff
Staff

"facFortiTokenCount" (.1.3.6.1.4.1.12356.113.1.202.3.0) = Number of FortiTokens (in general) that exist in the config on the unit.

"facFortiTokenRemaining" (.1.3.6.1.4.1.12356.113.1.202.6.0) = Number of tokens that can still be added before reaching the licensing limit.

 

Essentially, if you go to the GUI and into Authentication > User Management > FortiTokens, you will see  "<X> / <Y> FortiTokens" at the bottom of the page. This is <number of tokens> / <total possible number of tokens> (=max limit).

The OIDs are mapped as <X> = facFortiTokenCount, <Y> - <X> = facFortiTokenRemaining

 

As far as I can tell from skimming through the MIB file, there isn't an OID that will give out detailed usage counts of tokens (assigned/unassigned).

 

 

 

If I can offer an alternative, you can use the REST API to pull info about tokens, and filter for them by state.

https://docs.fortinet.com/document/fortiauthenticator/6.6.2/rest-api-solution-guide/875895/fortitoke...

[ corrections always welcome ]
funkylicious

Hmm, ok.

Thanks for the clarifications, I will try the REST API in order to get the data that I need.

"jack of all trades, master of none"
"jack of all trades, master of none"
funkylicious

/api/v1/fortitokenmobilelicenses/ - returns the value that i'm looking for, I just need to parse the output

/api/v1/fortitokens/ - appears to return info about each token available for allocation.

"jack of all trades, master of none"
"jack of all trades, master of none"
solasko2
New Contributor

There's an ipsec tunnel down trap but idk if there's a dead peer detected trap. This is afaik only logged into the device log https://100001.onl/ .

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors