Fortiauthenticator 400C in Active/Standby Configuration.
v3.00-build0121-20141128-patch00
Is there a way to detect a Fortiauthenticator failover from the active unit to the standby unit using SNMP polling or traps?
I have looked at the various Fortinet MIBs and although it looks possible with other Fortinet products, it does not seem to be straightforward with the Fortiauthenticator itself.
I have also looked at the FAC specific MIBs but nothing stands out as being for that purpose. The 1.3.6.1.4.1.12356 OID is filled with interesting possibilities, but none of them seem to supported on the FAC 400C.
I've also considered some secondary methods, such as monitoring the CPU, memory or interface usage on both boxes and comparing them to check for indications of a failover. Again, no particular variable stands out as being suited to that purpose.
Is anyone aware of a way that I might be able to achieve the above?
Darren.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I added NFR 279092 to track this feature request. Please feed back through your local Fortinet contact to get your support added to the request.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
This is currently not supported via SNMP. Please escalate via your Fortinet SE contacts and in the mean time I will get an NFR filed as this makes sense to add.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
I added NFR 279092 to track this feature request. Please feed back through your local Fortinet contact to get your support added to the request.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Carl,
Thanks for the prompt response and the helpful reply.
We have asked our support provider to register our interest/support for this feature request.
Darren,
Carl,
I am searching the Web for System Object IDs for Fortinet devices and one of them is a FortiAuthenticator. Above, you said that it is not supported by SNMP - that was a couple of years ago, so is it still the case? The one I am looking for is FAC-3000E.
BTW, the other one is the FMG-3000F.
Thanks for your consideration in this matter!
Dan Flake
Fortiauthenticator supports SNMP, but it did not support HA monitoring back then.
From version 4.0, the Fortiauthenticator supports SNMP traps as follows:
[ul]
As far as I know, there isn't support to read the HA state using SNMP, you can read the raw values for some of the above such as Auth Failure Count, etc.
The Fortinet OID starts at 1.3.6.1.4.1.12356.
The Fortiauthenticator OID starts at 1.3.6.1.4.1.12356.113.1 (facSystem) this includes basic information such as Model (1), Serial (2), Version (3), CPU (4), Memory (5) and Disk Usage (6).
There are further values that can be read at 1.3.6.1.4.1.12356.113.1.202 (facAuth)
I think you should be able to download the MIB from your Fortinet device under System > Administration > SNMP.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1666 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.