Hi Everyone,
I have a problem configuring SNMP. I use a pair of FortiGates, model 201F, version 7.2.7, configured in HA Active-Passive mode. I want to monitor both FortiGates, so I have enabled the SNMP agent, configured an SNMP v2 community, and set the interface administrative access services to SNMP, ping and HTTPS. A ping test from the NMS to the FortiGate is successful, but when the NMS sends an SNMP get it does not receive a response packet from the FortiGate. Can you help me? Thanks a lot.
The debug shows the route lookup is happening on the vsys_hamgmt vdom, which is the default vdom when ha-mgmt is enabled. The interface port5 will be part of root (default vdom) and that's why the SNMP packet is getting dropped. Can you enable "set ha-direct enable" under the SNMP community as below and test?
    # show system snmp community
    config system snmp community
        edit 1
            set name "hostmonitor"
            config hosts
                edit 1
                    set ip 10.5.0.36 255.255.255.255
                    set ha-direct enable ------>>>>Here
                next
            end
        next
    end
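
An added example, not part of the original thread and not Fortinet tooling: a small Python check that parses saved `show system snmp community` output and lists community hosts without `set ha-direct enable`, the setting the reply above points to. The second host entry and the function names are constructed for illustration, and a missing `ha-direct` line is assumed to mean the setting is not enabled.

```python
import shlex

# Constructed sample in the shape of `show system snmp community` output.
# Host 1 mirrors the reply above; host 2 is constructed and lacks ha-direct.
SAMPLE = """\
config system snmp community
    edit 1
        set name "hostmonitor"
        config hosts
            edit 1
                set ip 10.5.0.36 255.255.255.255
                set ha-direct enable
            next
            edit 2
                set ip 10.5.0.37 255.255.255.255
            next
        end
    next
end
"""

def parse_fortios(text):
    """Turn config/edit/set/next/end lines into nested dicts."""
    stack = [{}]
    for line in text.splitlines():
        tokens = shlex.split(line)
        if not tokens:
            continue
        keyword = tokens[0]
        if keyword in ("config", "edit") and len(tokens) > 1:
            # "config system snmp community" and "edit 1" open a nested block
            stack.append(stack[-1].setdefault(" ".join(tokens[1:]), {}))
        elif keyword == "set" and len(tokens) > 2:
            stack[-1][tokens[1]] = tokens[2:]  # keep every value token
        elif keyword in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def hosts_missing_ha_direct(text):
    """Return (community, host id, ip) for hosts without ha-direct enabled."""
    findings = []
    communities = parse_fortios(text).get("system snmp community", {})
    for cid, community in communities.items():
        name = " ".join(community.get("name", [cid]))
        for hid, host in community.get("hosts", {}).items():
            # Assumption: a missing ha-direct line means it is not enabled.
            if host.get("ha-direct", [])[:1] != ["enable"]:
                findings.append((name, hid, " ".join(host.get("ip", []))))
    return findings
```

Calling `hosts_missing_ha_direct(SAMPLE)` reports only the constructed host 2; lines other than `config`, `edit`, `set`, `next` and `end` (such as a leading CLI prompt line) are ignored.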
Hello @HungDT ,
Do you have a trusted host configuration on your admin users?
If you say yes, can you add the IP address of the nms tool to the trusted host configuration? It doesn't matter which administrator account you configure. You can configure it to anyone.
Hi @ozkanaltas,
It means restrict login to trusted hosts on Administrators.
Created on 06-03-2024 02:40 AM Edited on 06-03-2024 02:48 AM
Hi @HungDT ,
If you don't have a trusted host configuration on your admin accounts, you don't need to configure it. This is only valid for those with a trusted host configuration.
Can you run these debug commands via CLI? While running these commands can you poll your device from the NMS tool? After running these commands can you collect output and share it with us?
    diag debug application snmp -1
    diag debug enable
However, if you have not configured SNMP Agent settings within the SNMP configuration, Fortigate may not respond to snmp queries.
Can you please post the output of the commands,
    show system snmp community
    show system snmp sysinfo
I send you a picture.
Hi @HungDT ,
Can you try to configure SNMP Agent information like that or real information?
Hi @ozkanaltas ,
I tried it but it doesn't work.
Are you trying to query an HA dedicated management port?
If so, please take a look at this: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SNMP-walk-getting-failed-when-using-...
Copyright 2024 Fortinet, Inc. All Rights Reserved.