HungDT
New Contributor III

SNMP doesn't respond to traffic

Hi Everyone,

I have a problem configuring SNMP. I use a pair of FortiGates, model 201F, version 7.2.7. I configured HA mode Active-Passive. I want to monitor the 2 FortiGates, so I have enabled the SNMP agent, configured an SNMP v2 community, and configured the interface administrative access services: snmp, ping, https. A ping test from the NMS to the FortiGate is successful, but when the NMS sends an SNMP get it does not receive a response packet from the FortiGate. Can you help me? Thanks a lot.

local traffic

1 Solution
srajeswaran

The debug shows the route lookup is happening on the vsys_hamgmt VDOM, which is the default VDOM when ha-mgmt is enabled. The interface port5 will be part of root (the default VDOM), and that's why the SNMP packet is getting dropped. Can you enable "set ha-direct enable" under the SNMP community as below and test?

# show system snmp community
config system snmp community
    edit 1
        set name "hostmonitor"
        config hosts
            edit 1
                set ip 10.5.0.36 255.255.255.255
                set ha-direct enable      <------ Here
            next
        end
    next
end

 

Regards,
Suraj
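An added example, not part of the original thread and not Fortinet tooling: a small Python audit that parses `show system snmp community` output in the nested config/edit/next/end layout shown in the solution and lists the SNMP hosts that lack `set ha-direct enable`. The sample configuration is constructed; the community `hostmonitor` and host 10.5.0.36 come from the post, the second host (10.5.0.37) is made up, and a missing `ha-direct` line is assumed to mean the default, disabled.

```python
import shlex

# Constructed sample (`show system snmp community` layout); host 2 is made up.
SAMPLE = """
config system snmp community
    edit 1
        set name "hostmonitor"
        config hosts
            edit 1
                set ip 10.5.0.36 255.255.255.255
                set ha-direct enable
            next
            edit 2
                set ip 10.5.0.37 255.255.255.255
            next
        end
    next
end
"""

def parse_hosts(text):
    """Return [(community, host_ip, ha_direct)] for each edit under "config hosts"."""
    stack, results = [], []  # frames: ["config", path] or ["edit", id, {settings}]
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok or tok[0] not in ("config", "edit", "set", "next", "end"):
            continue  # blank lines, echoed CLI prompt, anything unrecognised
        if tok[0] == "config":
            stack.append(["config", " ".join(tok[1:])])
        elif tok[0] == "edit":
            stack.append(["edit", tok[1], {}])
        elif tok[0] == "set" and stack and stack[-1][0] == "edit":
            stack[-1][2][tok[1]] = tok[2:]
        elif tok[0] in ("next", "end") and stack:
            entry = stack.pop()
            if (entry[0] == "edit" and len(stack) >= 3 and stack[-1][1] == "hosts"
                    and stack[-3][1] == "system snmp community"):
                name = stack[-2][2].get("name", ["?"])[0]
                ip = entry[2].get("ip", ["?"])[0]
                # Assumption: an absent ha-direct line means the default, disable.
                enabled = entry[2].get("ha-direct", ["disable"])[0] == "enable"
                results.append((name, ip, enabled))
    return results

def missing_ha_direct(text):
    """Hosts that would need `set ha-direct enable` to poll the HA mgmt interface."""
    return [(c, ip) for c, ip, ok in parse_hosts(text) if not ok]

print(missing_ha_direct(SAMPLE))
```

The check only matters for NMS hosts that poll each cluster member through the HA dedicated management interface, which is the case described in the solution.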
ozkanaltas
Valued Contributor III

Hello @HungDT ,

 

 Do you have a trusted host configuration on your admin users?

 

If you say yes, can you add the IP address of the NMS tool to the trusted host configuration? It doesn't matter which administrator account you configure. You can configure it on any of them.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
HungDT
New Contributor III

Hi @ozkanaltas,

It means restrict login to trusted hosts on Administrators.

ozkanaltas
Valued Contributor III

Hi @HungDT ,

 

If you don't have a trusted host configuration on your admin accounts, you don't need to configure it. This is only valid for those with a trusted host configuration.

 

Can you run these debug commands via CLI? While running these commands can you poll your device from the NMS tool? After running these commands can you collect output and share it with us? 

 

 

diag debug application snmp -1
diag debug enable

 

 

However, if you have not configured SNMP Agent settings within the SNMP configuration, FortiGate may not respond to SNMP queries.

HungDT
New Contributor III

Hi @ozkanaltas 

I send you the picture, it shows updating cached loops.

updating cache.jpg

funkylicious
SuperUser

Can you please post the output of the commands,

 

show system snmp community

show system snmp sysinfo

"jack of all trades, master of none"
HungDT
New Contributor III

I am sending you a picture.

 

check file 1.jpg

ozkanaltas
Valued Contributor III

Hi @HungDT ,

 

Can you try to configure SNMP Agent information like that or real information? 

 

image.png

HungDT
New Contributor III

Hi @ozkanaltas ,

 I tried it but it doesn't work. 

funkylicious
SuperUser

Are you trying to query an HA dedicated management port?

If so, please take a look at this: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SNMP-walk-getting-failed-when-using-...
