Hi,
i have some ipsec tunnels on my fortigate clusters and i want to monitor them with PRTG via SNMP. i am doing it now via the snmp custom sensor but everytime the tunnel is going down/up or something is changed on the config the tunnel is getting a new OID. is there any option to not change all the time the ids? i know that there is a beta sensor for prtg for vpn but it is not giving back which tunnle is up/down.
Doing it like described here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-monitor-the-individual-VPN-tunnel-b...
thanks
Andreas
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Are you able to get below information using snmp get requests?
OID 1.3.6.1.4.1.12356.101.12.2.2.1.20
Value: fgVpnTunEntStatus
Description: Current status of tunnel (up or down)
There shouldn't be any change if tunnel goes up down. OIDs do not change. Values returned when asking those OIDs will change to match status of the tunnel
Hi @xshkurti ,
dont think that this will work, with get i am not getting anything, i tested it with my snmp tool, i am only getting the values with snmp walk the oids but i dont think that this is possible in prtg.
with snmp walk it shows again the oids which are changing after every up/down/change ...
30.10.2023 18:09:09 (19 ms) : Walk 1.3.6.1.4.1.12356.101.12.2.2.1.20
30.10.2023 18:09:09 (24 ms) : 1.3.6.1.4.1.12356.101.12.2.2.1.20.1.11 = "2" [ASN_INTEGER]
30.10.2023 18:09:09 (29 ms) : 1.3.6.1.4.1.12356.101.12.2.2.1.20.2.11 = "2" [ASN_INTEGER]
30.10.2023 18:09:09 (33 ms) : 1.3.6.1.4.1.12356.101.12.2.2.1.20.3.11 = "2" [ASN_INTEGER]
30.10.2023 18:09:09 (37 ms) : 1.3.6.1.4.1.12356.101.12.2.2.1.20.4.11 = "2" [ASN_INTEGER]
30.10.2023 18:09:09 (42 ms) : 1.3.6.1.4.1.12356.101.12.2.2.1.20.5.6 = "2" [ASN_INTEGER]
30.10.2023 18:09:09 (46 ms) : 1.3.6.1.4.1.12356.101.12.2.2.1.20.6.16 = "2" [ASN_INTEGER]
the bold numbers are the chaning ones...
@fohe
If you check this link:
OID 1.3.6.1.4.1.12356.101.12.2.2.1.20 fgVpnTunEntStatus reference info (oidref.com)
You will see that there are some changing values.
.16 for example is - Lifetime of tunnel in bytes, if byte transfer based lifetime used
Of course that will change because it is a changeable variable.
For your case, you just need the status of the tunnel up/down.
OID 1.3.6.1.4.1.12356.101.12.2.2.1 fgVpnTunEntry reference info (oidref.com)
So you have to walk this OID: 1.3.6.1.4.1.12356.101.12.2.2.1
Now from PRTG side, you should check on their support side on how to parse results for Fortigate VPN status.
Below link may help you
FortiGate VPN Overview Sensor | PRTG Manual (paessler.com)
Regards,
Hi,
thanks for your reply, i know this sensor, its not fully what i want to monitor, but i think i can misuse this one to get the result i am searching for.
best regards
Andreas
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1086 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.