SNMP don't response traffic
Hi Everyone,
I have a problem configuring SNMP. I use a pair of FortiGates, model 201F, version 7.2.7, configured in HA Active-Passive mode. I want to monitor both FortiGates, so I have enabled the SNMP agent, configured an SNMP v2 community, and configured the interface administrative access services: snmp, ping, https. A ping test from the NMS to the FortiGate is successful, but when the NMS sends an SNMP get it does not receive a response packet from the FortiGate. Can you help me? Thanks a lot.
The debug shows the route lookup is happening on the vsys_hamgmt vdom, which is the default vdom when ha-mgmt is enabled. The interface port5 will be part of root (the default vdom), and that's why the SNMP packet is getting dropped. Can you enable "set ha-direct enable" under the SNMP community as below and test?
# show system snmp community
config system snmp community
    edit 1
        set name "hostmonitor"
        config hosts
            edit 1
                set ip 10.5.0.36 255.255.255.255
                set ha-direct enable ------>>>>Here
            next
        end
    next
end
Suraj
No, I don't use HA dedicated management port to query
OK, can you try and do a manual SNMP query from the server and see if you get any values returned?
snmpwalk -v2c -c COMMUNITY IP 1.3.6.1.4.1.12356.101 or 1.3.6.1.4.1.12356.1.1
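Added example, not part of the original thread: a standard-library Python probe for the manual query suggested above. It sends one SNMPv2c GetNext for each of the two Fortinet OIDs and reports whether anything comes back, so a silent drop shows up as a timeout rather than an agent reply. The address 192.0.2.1 is a placeholder and the community name is reused from the configuration quoted earlier as an assumption.

```python
import socket

def tlv(tag, payload):
    """BER tag-length-value with short or long-form length."""
    n = len(payload)
    if n < 0x80:
        head = bytes([tag, n])
    else:
        size = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([tag, 0x80 | len(size)]) + size
    return head + payload

def ber_int(value):
    """BER INTEGER for a non-negative value."""
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    """BER OBJECT IDENTIFIER from dotted notation."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def build_getnext(community, oid, request_id=1):
    """SNMPv2c GetNextRequest (PDU tag 0xA1) for one OID."""
    varbinds = tlv(0x30, tlv(0x30, ber_oid(oid) + tlv(0x05, b"")))
    pdu = tlv(0xA1, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)

def probe(host, community, oid, timeout=2.0, port=161):
    """Return the raw reply bytes, or None if the agent stays silent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_getnext(community, oid), (host, port))
        try:
            return s.recvfrom(65535)[0]
        except socket.timeout:
            return None

if __name__ == "__main__":
    # Constructed placeholders: use your FortiGate IP and community here.
    for oid in ("1.3.6.1.4.1.12356.101", "1.3.6.1.4.1.12356.1.1"):
        reply = probe("192.0.2.1", "hostmonitor", oid)
        print(oid, "no response" if reply is None else f"{len(reply)}-byte reply")
```

Run it from the NMS and from a second host that is also listed under the community's hosts; a timeout from both points at the FortiGate side rather than the NMS.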
Ok, just use another host from which you can do a query and add it in the SNMP configuration on the FGT.
If it works then it's an NMS issue, imo.
Do you have VDOMs? Is the interface part of the management vdom as suggested in https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SNMP-is-not-established-after-comple... ?
Suraj
Hi @srajeswaran,
I don't enable Virtual Domains. If you know where the problem is, let me know. Thanks a lot.
Hi @HungDT,
You can also run debug flow to see if it is being dropped:
di deb disable
di deb res
diagnose debug flow filter clear
di deb flow filter port 161
diagnose debug flow show function-name enable
di deb flow show iprope en
diagnose debug console timestamp enable
diagnose debug flow trace start 9999
diagnose debug enable
Regards,
Hi Hung
If you can run the commands shared by hbac on your FortiGate's CLI then we can see what your FortiGate is doing with NMC's SNMP queries.