Hi Everyone,
I have the problem with configure SNMP. I use a pair fortigates model: 201F, version 7.2.7. I config HA mode Active-Passive. So I want to monitor 2 fortigates, I have enable snmp agent and config community snmp v2, config interface administrator access service: snmp, ping, https. Test ping from NMS to Fortigate is successful but when NMS send SNMP get but not receive response packet from Fortigate. Can you help me ? Thanks a lot.
Solved! Go to Solution.
The debug shows the route lookup is happening on vsys_hamgmt vdom, which is default vdom when ha-mgmt is enabled. The interface port5 will be part of root (default vdom) and thats why the SNMP packet is getting dropped. Can you enable "set ha-direct enable" under SNMP community as below and test?
# show system snmp community
config system snmp community
edit 1
set name "hostmonitor"
config hosts
edit 1
set ip 10.5.0.36 255.255.255.255
set ha-direct enable ------>>>>Here
next
end
next
end
The debug shows the route lookup is happening on vsys_hamgmt vdom, which is default vdom when ha-mgmt is enabled. The interface port5 will be part of root (default vdom) and thats why the SNMP packet is getting dropped. Can you enable "set ha-direct enable" under SNMP community as below and test?
# show system snmp community
config system snmp community
edit 1
set name "hostmonitor"
config hosts
edit 1
set ip 10.5.0.36 255.255.255.255
set ha-direct enable ------>>>>Here
next
end
next
end
Created on 06-05-2024 09:04 PM Edited on 06-05-2024 09:06 PM
Thank you so much,
My problem has been solved. Port 5 is configed Mangement Interface Reservation, so that block traffic from fortigate to NMS, is that right. Why don't i see block log on forward traffic and local traffic ?
We may have to check from vsys_hamgmt vdom as mentioned in below article.
Hi Hung
As a test, can you enable SNMP on port5 and send the SNMP query to port5's IP address?
HI @AEK ,
I have enabled SNMP on port5 and send the SNMP query to port5's IP address with the previous picture. Do you detect anything unusual in the log
Something is very strange in your config, because in the debug i can see being specified, vsys_hamgmt which typically refers to a ha cluster interface.
Can you show the output of the command, show system ha ?
Hi,
please check snmp index in all the interface.
config system interface
show
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.