Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
josemusante1
New Contributor

Created on ‎06-01-2025 12:26 PM

Fortinet Monitoring lan to zabbix server

Good evening 

 

I want to monitor a lan to a zabbix server with ip address 192.168.1.87 connected in bridge adapter but a tracer to a zabbix server and i see the ip 10.50.3.21

 

FortiGate-HomeLab # show system interface port1
config system interface
edit "port1"
set vdom "root"
set ip 192.168.55.10 255.255.255.0
set allowaccess ping https ssh snmp http fabric
set type physical
set lldp-reception enable
set role wan
set snmp-index 1
next
end

FortiGate-HomeLab #

FortiGate-HomeLab # show system interface vlan20
config system interface
edit "vlan20"
set vdom "root"
set ip 10.10.20.3 255.255.255.0
set allowaccess ping https ssh snmp fabric
set device-identification enable
set role lan
set snmp-index 29
set secondary-IP enable
set interface "port2"
set vlanid 20
next
end

FortiGate-HomeLab #

FortiGate-HomeLab # show firewall policy
config firewall policy
edit 1
set name "vlan20-port1"
set uuid a58b44a4-3d9d-51f0-e235-a09bba7147a0
set srcintf "vlan20"
set dstintf "port1"
set action accept
set srcaddr "vlan20"
set dstaddr "zbx"
set schedule "always"
set service "DHCP" "DNS" "PING" "SNMP" "TRACEROUTE"
set logtraffic all
set logtraffic-start enable
set nat enable
next
edit 2
set name "port1-vlan20"
set uuid ae0cc802-3e3b-51f0-8fec-eb0ba905a1ca
set srcintf "port1"
set dstintf "vlan20"
set action accept
set srcaddr "zbx"
set dstaddr "vlan20"
set schedule "always"
set service "ALL"
set logtraffic all
set logtraffic-start enable
set nat enable
set ippool enable
set poolname "zabbiz"
next
end

FortiGate-HomeLab #

Screenshot_4.jpg

 

Grettings

Labels:
1094
0 Kudos
9 REPLIES 9
Dhruvin_patel
Staff
Staff

Created on ‎06-01-2025 02:03 PM

Greetings!

 

Which device uses the IP 10.50.3.22?

Review the firewall policies to ensure traffic is allowed between the Zabbix server and the LAN.

 

Best Regards!

Dhruvin Patel
1075
0 Kudos
josemusante1
New Contributor

Created on ‎06-01-2025 02:28 PM

Greetings 

 

There is the port for this IP

 

Screenshot_1.jpg

 

Thanks

 

Best Regards

1071
0 Kudos
Dhruvin_patel
Staff
Staff
In response to josemusante1

Created on ‎06-02-2025 06:20 AM

Please make sure that you have a policy to allow the traffic.

 

Please run the debug flow to identify if the fortigate is dropping/allowing the traffic. refer: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

 

Best Regards!

Dhruvin Patel
991
0 Kudos
josemusante1
New Contributor

Created on ‎06-02-2025 08:00 AM

I have this in the debug flow

. flag [S], seq 3700023503, ack 0, win 65535"
id=65308 trace_id=103 func=resolve_ip_tuple_fast line=5983 msg="Find an existing session, id-000002af, original direction"
id=65308 trace_id=104 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=6, 192.168.55.10:18790->192.168.1.87:179) tun_id=0.0.0.0 from local. flag [S], seq 3700023503, ack 0, win 65535"
id=65308 trace_id=104 func=resolve_ip_tuple_fast line=5983 msg="Find an existing session, id-000002af, original direction"
id=65308 trace_id=105 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=6, 192.168.55.10:18797->192.168.1.87:179) tun_id=0.0.0.0 from local. flag [S], seq 986106276, ack 0, win 65535"
id=65308 trace_id=105 func=init_ip_session_common line=6076 msg="allocate a new session-000002b8, tun_id=0.0.0.0"
id=65308 trace_id=106 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=6, 192.168.55.10:18797->192.168.1.87:179) tun_id=0.0.0.0 from local. flag [S], seq 986106276, ack 0, win 65535"
id=65308 trace_id=106 func=resolve_ip_tuple_fast line=5983 msg="Find an existing session, id-000002b8, original direction"
id=65308 trace_id=107 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=6, 192.168.55.10:18797->192.168.1.87:179) tun_id=0.0.0.0 from local. flag [S], seq 986106276, ack 0, win 65535"
id=65308 trace_id=107 func=resolve_ip_tuple_fast line=5983 msg="Find an existing session, id-000002b8, original direction"
id=65308 trace_id=108 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=6, 192.168.55.10:18797->192.168.1.87:179) tun_id=0.0.0.0 from local. flag [S], seq 986106276, ack 0, win 65535"
id=65308 trace_id=108 func=resolve_ip_tuple_fast line=5983 msg="Find an existing session, id-000002b8, original direction"
id=65308 trace_id=109 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=6, 192.168.55.10:18797->192.168.1.87:179) tun_id=0.0.0.0 from local. flag [S], seq 986106276, ack 0, win 65535"
id=65308 trace_id=109 func=resolve_ip_tuple_fast line=5983 msg="Find an existing session, id-000002b8, original direction"
id=65308 trace_id=110 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=6, 192.168.55.10:18797->192.168.1.87:179) tun_id=0.0.0.0 from local. flag [S], seq 986106276, ack 0, win 65535"
id=65308 trace_id=110 func=init_ip_session_common line=6076 msg="allocate a new session-000002d7, tun_id=0.0.0.0"

 

Best Regards

 

978
0 Kudos
josemusante1
New Contributor

Created on ‎06-02-2025 10:26 AM

This is the result of sniffer traffic

 

FortiGate-HomeLab # diagnose sniffer packet any "host 192.168.1.87"
Using Original Sniffing Mode
interfaces=[any]
filters=[host 192.168.1.87]
71.4294963555 192.168.55.10.23154 -> 192.168.1.87.179: syn 314272394
72.4294962127 192.168.55.10.23154 -> 192.168.1.87.179: syn 314272394
74.4294963386 192.168.55.10.23154 -> 192.168.1.87.179: syn 314272394
78.008669 192.168.55.10.23154 -> 192.168.1.87.179: syn 314272394
86.035127 192.168.55.10.23154 -> 192.168.1.87.179: syn 314272394
102.074491 192.168.55.10.23154 -> 192.168.1.87.179: syn 314272394
253.4294950907 192.168.55.10.23349 -> 192.168.1.87.179: syn 2553895484
254.4294958160 192.168.55.10.23349 -> 192.168.1.87.179: syn 2553895484
256.4294959228 192.168.55.10.23349 -> 192.168.1.87.179: syn 2553895484
260.4294966823 192.168.55.10.23349 -> 192.168.1.87.179: syn 2553895484
268.025163 192.168.55.10.23349 -> 192.168.1.87.179: syn 2553895484
284.076056 192.168.55.10.23349 -> 192.168.1.87.179: syn 2553895484
331.4294949286 192.168.55.10.162 -> 192.168.1.87.162: udp 113
331.4294950280 192.168.55.10.162 -> 192.168.1.87.162: udp 137
331.4294950496 192.168.55.10.162 -> 192.168.1.87.162: udp 135
331.4294950555 192.168.55.10.162 -> 192.168.1.87.162: udp 159
349.210770 192.168.55.10.162 -> 192.168.1.87.162: udp 135
349.211610 192.168.55.10.162 -> 192.168.1.87.162: udp 159
422.4294954341 192.168.55.10.23727 -> 192.168.1.87.179: syn 1695278053
423.4294957214 192.168.55.10.23727 -> 192.168.1.87.179: syn 1695278053
425.4294956574 192.168.55.10.23727 -> 192.168.1.87.179: syn 1695278053
429.4294960954 192.168.55.10.23727 -> 192.168.1.87.179: syn 1695278053
437.026906 192.168.55.10.23727 -> 192.168.1.87.179: syn 1695278053

 

Grettings

959
0 Kudos
aipodka1
New Contributor

Created on ‎06-02-2025 11:26 AM

Sounds very interesting! I am not too great with API and scripting, but I will read up on it, check what I can find on Google, thx man! :D

https://xender.vip/
https://xender.vip/
943
0 Kudos
josemusante1
New Contributor

Created on ‎06-11-2025 08:07 AM

And i have this ports telnet in the traceroute.

 

Screenshot_4.jpg

757
0 Kudos
josemusante1
New Contributor

Created on ‎06-24-2025 05:00 PM

Grettings now i testing with my vlan interface but is not responding in the sniffer

Only respond with wan port1

Screenshot_4.jpg

664
0 Kudos
josemusante1
New Contributor

Created on ‎07-15-2025 01:46 PM

Now finally i have a debug flow with vlan 20

 

d=65308 trace_id=105 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=17, 10.10.20.3:162->192.168.1.88:162) tun_id=0.0.0.0 from local. "
id=65308 trace_id=105 func=init_ip_session_common line=6076 msg="allocate a new session-000003fd, tun_id=0.0.0.0"
id=65308 trace_id=106 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=17, 10.10.20.3:162->192.168.1.88:162) tun_id=0.0.0.0 from local. "
id=65308 trace_id=106 func=resolve_ip_tuple_fast line=5983 msg="Find an existing session, id-000003fd, original direction"
id=65308 trace_id=107 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=17, 10.10.20.3:162->192.168.1.88:162) tun_id=0.0.0.0 from local. "
id=65308 trace_id=107 func=resolve_ip_tuple_fast line=5983 msg="Find an existing session, id-000003fd, original direction"
id=65308 trace_id=108 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=17, 10.10.20.3:162->192.168.1.88:162) tun_id=0.0.0.0 from local. "
id=65308 trace_id=108 func=resolve_ip_tuple_fast line=5983 msg="Find an existing session, id-000003fd, original direction"

 

Grettings

434
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.