- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Monitoring IPSec Tunnel Status with PRTG
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monitoring IPSec Tunnel Status with PRTG
Hi,
i have some ipsec tunnels on my fortigate clusters and i want to monitor them with PRTG via SNMP. i am doing it now via the snmp custom sensor but everytime the tunnel is going down/up or something is changed on the config the tunnel is getting a new OID. is there any option to not change all the time the ids? i know that there is a beta sensor for prtg for vpn but it is not giving back which tunnle is up/down.
Doing it like described here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-monitor-the-individual-VPN-tunnel-b...
thanks
Andreas
Labels:
- Labels:
-
FortiGate
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you able to get below information using snmp get requests?
OID 1.3.6.1.4.1.12356.101.12.2.2.1.20
Value: fgVpnTunEntStatus
Description: Current status of tunnel (up or down)
There shouldn't be any change if tunnel goes up down. OIDs do not change. Values returned when asking those OIDs will change to match status of the tunnel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @xshkurti ,
dont think that this will work, with get i am not getting anything, i tested it with my snmp tool, i am only getting the values with snmp walk the oids but i dont think that this is possible in prtg.
with snmp walk it shows again the oids which are changing after every up/down/change ...
30.10.2023 18:09:09 (19 ms) : Walk 1.3.6.1.4.1.12356.101.12.2.2.1.20
30.10.2023 18:09:09 (24 ms) : 1.3.6.1.4.1.12356.101.12.2.2.1.20.1.11 = "2" [ASN_INTEGER]
30.10.2023 18:09:09 (29 ms) : 1.3.6.1.4.1.12356.101.12.2.2.1.20.2.11 = "2" [ASN_INTEGER]
30.10.2023 18:09:09 (33 ms) : 1.3.6.1.4.1.12356.101.12.2.2.1.20.3.11 = "2" [ASN_INTEGER]
30.10.2023 18:09:09 (37 ms) : 1.3.6.1.4.1.12356.101.12.2.2.1.20.4.11 = "2" [ASN_INTEGER]
30.10.2023 18:09:09 (42 ms) : 1.3.6.1.4.1.12356.101.12.2.2.1.20.5.6 = "2" [ASN_INTEGER]
30.10.2023 18:09:09 (46 ms) : 1.3.6.1.4.1.12356.101.12.2.2.1.20.6.16 = "2" [ASN_INTEGER]
the bold numbers are the chaning ones...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@fohe
If you check this link:
OID 1.3.6.1.4.1.12356.101.12.2.2.1.20 fgVpnTunEntStatus reference info (oidref.com)
You will see that there are some changing values.
.16 for example is - Lifetime of tunnel in bytes, if byte transfer based lifetime used
Of course that will change because it is a changeable variable.
For your case, you just need the status of the tunnel up/down.
OID 1.3.6.1.4.1.12356.101.12.2.2.1 fgVpnTunEntry reference info (oidref.com)
So you have to walk this OID: 1.3.6.1.4.1.12356.101.12.2.2.1
Now from PRTG side, you should check on their support side on how to parse results for Fortigate VPN status.
Below link may help you
FortiGate VPN Overview Sensor | PRTG Manual (paessler.com)
Regards,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
thanks for your reply, i know this sensor, its not fully what i want to monitor, but i think i can misuse this one to get the result i am searching for.
best regards
Andreas
Related Posts
- Fortigate EMS Fabric Connector Monitoring with... 169 Views
- What impact this command "fnsysctl killall... 189 Views
- [get vpn ipsec tunnel summary] tx... 142 Views
- static route to L2TP client host... 531 Views
- Site-to-Site GRE tunnel fails after about... 268 Views
Labels
-
FortiGate
6,568 -
FortiClient
1,308 -
5.2
801 -
5.4
639 -
FortiManager
566 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
337 -
FortiAP
336 -
FortiClient EMS
267 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
108 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
61 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
25 -
Firewall policy
24 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
15 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
Logging
11 -
LDAP
10 -
Virtual IP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SSO
6 -
Traffic shaping policy
5 -
SNMP
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Web profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Email filter profile
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1 -
System settings
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.