Pablo1
New Contributor II

SNMP does not respond

Hello Team!

 

I am using a FortiGate 40F model FG-40F with a configuration which consists of a VDOM root (management, operation mode NAT) and a VDOM transparent (operation mode transparent).

 

VDOMs.jpg

 

The VDOM root is only used to give access to the internet:

 
VDOMroot.jpg
 

The VDOM transparent is only used to establish a firewall between a network called LAN and a network called WAN:

 

VDOMtransparent.jpg

My objective is to monitor the Fortinet by sending SNMP get requests from a PC connected to port 2 (Inside lan 2).

I have configured the System > SNMP in this way:

 

SNMPconfig.jpg

 

My problem is that the Fortinet receives the SNMP get but does not answer me:

 

lan2capture.jpg

 

I am sending the SNMP get with iReasoning Browser:

iReasoning.jpg

 

I am not using HA or trusted hosts (I have tested adding my PC to trusted hosts, but the behaviour does not change). I have checked the threads: SNMP don't response traffic, SNMP response and SNMP no response: timed out, but I cannot solve the problem. I give you more information that could be interesting:

debug.jpg

 

I hope that you can help me, thanks in advance.

 

1 Solution
ozkanaltas
Valued Contributor III

Hi @Pablo1 ,

 

Normally this is possible. 

 

https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/986787/nat-and-transparent-mode

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Connect-2-Transparent-VDOMs-with-NAT-VDOM-...

 

Can you change the vdom link type from PPP to Ethernet?

 

 

config system vdom-link
    edit <VDOM_NAME>
        set type ethernet
    next
end

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

12 REPLIES 12
kajlasunil

Hi @Pablo1 

Please verify if ha-direct under snmp community is disabled.

 

config system snmp community
    edit 1
        set name "abcd"
        config hosts
            edit 1
                set ip x.x.x.x 255.255.255.255
                set ha-direct enable  <----- Set to disable
                set host-type query
            next
        end
    next
end

ks
Pablo1
New Contributor II

Hi kajlasunil

 

I think it is disabled:

 

VDONlink13.jpg

VDONlink14.jpg

Regards

 

Pablo1
New Contributor II

Hi All,

 

Thanks to your contributions I have solved the problem. One last step was necessary regarding my last post, which consists of configuring the route from my PC (or the element that executes the SNMP GET request) to the IP 11.11.11.13.

 

After that, run the SNMP request to the IP 11.11.11.13, namely the virtual IP at the end of the tunnel between VDOMs, located in VDOM management.

 

Thanks again.
