Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
HungDT
New Contributor III

Created on ‎06-03-2024 02:26 AM

SNMP don't response traffic

Hi Everyone,

I have the problem with configure SNMP. I use a pair fortigates model: 201F, version 7.2.7. I config HA mode Active-Passive. So I want to monitor 2 fortigates, I have enable snmp agent and config community snmp v2, config interface administrator access service: snmp, ping, https. Test ping from NMS to Fortigate is successful but when NMS send SNMP get but not receive response packet from Fortigate. Can you help me ? Thanks a lot.

local trafficlocal traffic

Labels:
3095
0 Kudos
1 Solution
srajeswaran
Staff
Staff
In response to HungDT

Created on ‎06-05-2024 05:02 AM

The debug shows the route lookup is happening on vsys_hamgmt vdom, which is default vdom when ha-mgmt is enabled. The interface port5 will be part of root (default vdom) and thats why the SNMP packet is getting dropped. Can you enable "set ha-direct enable" under SNMP community as below and test?

 

 

 

# show system snmp community
config system snmp community
edit 1
set name "hostmonitor"
config hosts
edit 1
set ip 10.5.0.36 255.255.255.255
set ha-direct enable ------>>>>Here
next
end
next
end

 

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

2548
27 REPLIES 27
HungDT
New Contributor III
In response to funkylicious

Created on ‎06-04-2024 02:56 AM

No, I don't use HA dedicated management port to query

1126
0 Kudos
funkylicious
SuperUser
SuperUser

Created on ‎06-04-2024 03:02 AM Edited on ‎06-04-2024 03:04 AM

ok, can you try and do a manual snmp query from the server and see if you get any values returned ?

 

snmpwalk -v2c -c COMMUNITY IP 1.3.6.1.4.1.12356.101 or 1.3.6.1.4.1.12356.1.1

"jack of all trades, master of none"
"jack of all trades, master of none"
1123
HungDT
New Contributor III
In response to funkylicious

Created on ‎06-04-2024 07:48 PM

HI @funkylicious ,

 

I can't query from NMS server to Fortigate. 

1060
0 Kudos
funkylicious
SuperUser
SuperUser
In response to HungDT

Created on ‎06-04-2024 09:46 PM

Ok, just use another host from which you can do a query and add it in the SNMP configuration on the FGT.

If it works then it's a NMS issue, imo.

"jack of all trades, master of none"
"jack of all trades, master of none"
1020
HungDT
New Contributor III
In response to funkylicious

Created on ‎06-05-2024 12:25 AM

HI @funkylicious ,

 

It still doesn't work. Do you have any ideas ? 

998
0 Kudos
srajeswaran
Staff
Staff

Created on ‎06-04-2024 03:39 AM

do you have VDOMs? Is the interface part of management vdom as suggested in https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SNMP-is-not-established-after-comple... ?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1117
HungDT
New Contributor III
In response to srajeswaran

Created on ‎06-04-2024 07:46 PM

HI @srajeswaran ,

I don't enable Virtual Domains. If you know where the problem is, let me know. Thanks a lot.

1062
0 Kudos
hbac
Staff
Staff

Created on ‎06-04-2024 06:11 AM

Hi @HungDT,

 

You can also run debug flow to see if it is being dropped:

di deb disable
di deb res
diagnose debug flow filter clear
di deb flow filter port 161
diagnose debug flow show function-name enable
di deb flow show iprope en
diagnose debug console timestamp enable
diagnose debug flow trace start 9999
diagnose debug enable

 

Regards, 

1089
HungDT
New Contributor III
In response to hbac

Created on ‎06-04-2024 08:04 PM

Thanks @hbac,

But I still don't know the problem occurs.

 

1056
0 Kudos
AEK
SuperUser
SuperUser
In response to HungDT

Created on ‎06-05-2024 12:46 AM

Hi Hung

If you can run the commands shared by hbac on your FortiGate's CLI then we can see what your FortiGate is doing with NMC's SNMP queries.

AEK
AEK
993
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.