Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
funkylicious
SuperUser
SuperUser

Created on ‎01-06-2025 06:30 AM Edited on ‎01-06-2025 06:32 AM

FortiAuth - SNMP OID remaining tokens

Hi,


Hoping that someone could help in regards to the correct OID required to query FortiAuth-VM in order to get the number of FortiTokens available for usage, since the one I've found in a old forum post is not returning the correct value - https://community.fortinet.com/t5/Support-Forum/FortiAuthenticator-OIDs/td-p/228761

 

Upon querying, 1.3.6.1.4.1.12356.113.1.202.6.0 , I get a value of 244 which is more than the total amount of registered/available tokens in FAC-VM.

 

iso.3.6.1.4.1.12356.113.1.202.6.0 = INTEGER: 244

FortiToken Mobile

Used: 148Populated: 155Available: 7Disabled: 0

 

Using .1.3.6.1.4.1.12356.113.1.202.3.0 returns the correct amount of tokens since I also got 1 Yubikey registered (populated).

 

iso.3.6.1.4.1.12356.113.1.202.3.0 = INTEGER: 156

FortiToken Mobile / Yubikey Tokens

Used: 148Populated: 155Available: 7Disabled: 0
Used: 0Populated: 1Available: 1Disabled: 0


I am trying to create a plugin in the internal monitoring platform in order to have a view of this info w/o accesing the webUI.

 

Thanks.

"jack of all trades, master of none"
"jack of all trades, master of none"
Labels:
647
0 Kudos
2 Solutions
pminarik
Staff
Staff

Created on ‎01-06-2025 07:24 AM Edited on ‎01-06-2025 07:31 AM

"facFortiTokenCount" (.1.3.6.1.4.1.12356.113.1.202.3.0) = Number of FortiTokens (in general) that exist in the config on the unit.

"facFortiTokenRemaining" (.1.3.6.1.4.1.12356.113.1.202.6.0) = Number of tokens that can still be added before reaching the licensing limit.

 

Essentially, if you go to the GUI and into Authentication > User Management > FortiTokens, you will see  "<X> / <Y> FortiTokens" at the bottom of the page. This is <number of tokens> / <total possible number of tokens> (=max limit).

The OIDs are mapped as <X> = facFortiTokenCount, <Y> - <X> = facFortiTokenRemaining

 

As far as I can tell from skimming through the MIB file, there isn't an OID that will give out detailed usage counts of tokens (assigned/unassigned).

 

 

 

If I can offer an alternative, you can use the REST API to pull info about tokens, and filter for them by state.

https://docs.fortinet.com/document/fortiauthenticator/6.6.2/rest-api-solution-guide/875895/fortitoke...

[ corrections always welcome ]

View solution in original post

632
0 Kudos
funkylicious
SuperUser
SuperUser
In response to pminarik

Created on ‎01-06-2025 09:13 AM

/api/v1/fortitokenmobilelicenses/ - returns the value that i'm looking for, I just need to parse the output

/api/v1/fortitokens/ - appears to return info about each token available for allocation.

"jack of all trades, master of none"

View solution in original post

"jack of all trades, master of none"
591
0 Kudos
4 REPLIES 4
pminarik
Staff
Staff

Created on ‎01-06-2025 07:24 AM Edited on ‎01-06-2025 07:31 AM

"facFortiTokenCount" (.1.3.6.1.4.1.12356.113.1.202.3.0) = Number of FortiTokens (in general) that exist in the config on the unit.

"facFortiTokenRemaining" (.1.3.6.1.4.1.12356.113.1.202.6.0) = Number of tokens that can still be added before reaching the licensing limit.

 

Essentially, if you go to the GUI and into Authentication > User Management > FortiTokens, you will see  "<X> / <Y> FortiTokens" at the bottom of the page. This is <number of tokens> / <total possible number of tokens> (=max limit).

The OIDs are mapped as <X> = facFortiTokenCount, <Y> - <X> = facFortiTokenRemaining

 

As far as I can tell from skimming through the MIB file, there isn't an OID that will give out detailed usage counts of tokens (assigned/unassigned).

 

 

 

If I can offer an alternative, you can use the REST API to pull info about tokens, and filter for them by state.

https://docs.fortinet.com/document/fortiauthenticator/6.6.2/rest-api-solution-guide/875895/fortitoke...

[ corrections always welcome ]
633
0 Kudos
funkylicious
SuperUser
SuperUser
In response to pminarik

Created on ‎01-06-2025 07:42 AM

Hmm, ok.

Thanks for the clarifications, I will try the REST API in order to get the data that I need.

"jack of all trades, master of none"
"jack of all trades, master of none"
608
0 Kudos
funkylicious
SuperUser
SuperUser
In response to pminarik

Created on ‎01-06-2025 09:13 AM

/api/v1/fortitokenmobilelicenses/ - returns the value that i'm looking for, I just need to parse the output

/api/v1/fortitokens/ - appears to return info about each token available for allocation.

"jack of all trades, master of none"
"jack of all trades, master of none"
592
0 Kudos
solasko2
New Contributor

Created on ‎01-06-2025 07:45 AM Edited on ‎01-18-2025 02:06 AM

There's an ipsec tunnel down trap but idk if there's a dead peer detected trap. This is afaik only logged into the device log https://100001.onl/ .

603
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.