Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
HungDT
New Contributor III

Created on ‎06-03-2024 02:26 AM

SNMP don't response traffic

Hi Everyone,

I have the problem with configure SNMP. I use a pair fortigates model: 201F, version 7.2.7. I config HA mode Active-Passive. So I want to monitor 2 fortigates, I have enable snmp agent and config community snmp v2, config interface administrator access service: snmp, ping, https. Test ping from NMS to Fortigate is successful but when NMS send SNMP get but not receive response packet from Fortigate. Can you help me ? Thanks a lot.

local trafficlocal traffic

Labels:
1255
0 Kudos
1 Solution
srajeswaran
Staff
Staff
In response to HungDT

Created on ‎06-05-2024 05:02 AM

The debug shows the route lookup is happening on vsys_hamgmt vdom, which is default vdom when ha-mgmt is enabled. The interface port5 will be part of root (default vdom) and thats why the SNMP packet is getting dropped. Can you enable "set ha-direct enable" under SNMP community as below and test?

 

 

 

# show system snmp community
config system snmp community
edit 1
set name "hostmonitor"
config hosts
edit 1
set ip 10.5.0.36 255.255.255.255
set ha-direct enable ------>>>>Here
next
end
next
end

 

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

708
27 REPLIES 27
ozkanaltas
Valued Contributor II

Created on ‎06-03-2024 02:29 AM

Hello @HungDT ,

 

 Do you have a trusted host configuration on your admin users?

 

If you say yes, can you add the IP address of the nms tool to the trusted host configuration? It doesn't matter which administrator account you configure. You can configure it to anyone.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
559
HungDT
New Contributor III
In response to ozkanaltas

Created on ‎06-03-2024 02:33 AM

Hi @ozkanaltas,

it means restric login to trusted hosts on Administrators.

556
0 Kudos
ozkanaltas
Valued Contributor II
In response to HungDT

Created on ‎06-03-2024 02:40 AM Edited on ‎06-03-2024 02:48 AM

Hi @HungDT ,

 

If you don't have a trusted host configuration on your admin accounts, you don't need to configure it. This is only valid for those with a trusted host configuration.

 

Can you run these debug commands via CLI? While running these commands can you poll your device from the NMS tool? After running these commands can you collect output and share it with us? 

 

 

diag debug application snmp -1
diag debug enable

 

 

However, if you have not configured SNMP Agent settings within the SNMP configuration, Fortigate may not respond to snmp queries.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
551
HungDT
New Contributor III
In response to ozkanaltas

Created on ‎06-04-2024 02:50 AM

Hi @ozkanaltas 

I send you the picture, it shows updating cached loops.

updating cache.jpg

353
0 Kudos
funkylicious
SuperUser
SuperUser

Created on ‎06-03-2024 02:46 AM

Can you please post the output of the commands,

 

show system snmp community

show system snmp sysinfo

---------------------------
geek
---------------------------
---------------------------geek---------------------------
546
HungDT
New Contributor III
In response to funkylicious

Created on ‎06-03-2024 02:57 AM

i send you picture

 

check file 1.jpg

535
0 Kudos
ozkanaltas
Valued Contributor II
In response to HungDT

Created on ‎06-03-2024 02:59 AM

Hi @HungDT ,

 

Can you try to configure SNMP Agent information like that or real information? 

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
531
HungDT
New Contributor III
In response to ozkanaltas

Created on ‎06-04-2024 02:46 AM

Hi @ozkanaltas ,

 I tried it but it doesn't work. 

356
0 Kudos
funkylicious
SuperUser
SuperUser

Created on ‎06-04-2024 02:53 AM

are you trying to query a HA dedicated management port ?

if so, please take a look at this, https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SNMP-walk-getting-failed-when-using-...

---------------------------
geek
---------------------------
---------------------------geek---------------------------
349
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.