Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ds_warwick
New Contributor

SNMP monitoring for Fortiauthenticator active/standby failover

Fortiauthenticator 400C in Active/Standby Configuration.

v3.00-build0121-20141128-patch00

 

Is there a way to detect a Fortiauthenticator failover from the active unit to the standby unit using SNMP polling or traps?

 

I have looked at the various Fortinet MIBs and although it looks possible with other Fortinet products, it does not seem to be straightforward with the Fortiauthenticator itself.

 

I have also looked at the FAC specific MIBs but nothing stands out as being for that purpose. The 1.3.6.1.4.1.12356 OID is filled with interesting possibilities, but none of them seem to supported on the FAC 400C.

 

I've also considered some secondary methods, such as monitoring the CPU, memory or interface usage on both boxes and comparing them to check for indications of a failover. Again, no particular variable stands out as being suited to that purpose.

 

Is anyone aware of a way that I might be able to achieve the above?

 

Darren.

1 Solution
Carl_Windsor_FTNT

I added NFR 279092 to track this feature request.  Please feed back through your local Fortinet contact to get your support added to the request.

Dr. Carl Windsor Field Chief Technology Officer Fortinet

View solution in original post

5 REPLIES 5
Carl_Windsor_FTNT

This is currently not supported via SNMP.  Please escalate via your Fortinet SE contacts and in the mean time I will get an NFR filed as this makes sense to add.

Dr. Carl Windsor Field Chief Technology Officer Fortinet

Carl_Windsor_FTNT

I added NFR 279092 to track this feature request.  Please feed back through your local Fortinet contact to get your support added to the request.

Dr. Carl Windsor Field Chief Technology Officer Fortinet

ds_warwick

Carl,

 

Thanks for the prompt response and the helpful reply.

 

We have asked our support provider to register our interest/support for this feature request.

 

Darren, 

danflake

Carl,

I am searching the Web for System Object IDs for Fortinet devices and one of them is a FortiAuthenticator. Above, you said that it is not supported by SNMP - that was a couple of years ago, so is it still the case? The one I am looking for is FAC-3000E.

 

BTW, the other one is the FMG-3000F.

 

Thanks for your consideration in this matter!

 

Dan Flake

ds_warwick

Fortiauthenticator supports SNMP, but it did not support HA monitoring back then.

From version 4.0, the Fortiauthenticator supports SNMP traps as follows:

 

[ul]
  • CPU usage is high
  • Memory is low
  • Interface IP is changed
  • Auth users threshold exceeded
  • Auth group threshold exceeded
  • Radius NAS threshold exceeded
  • Auth event rate threshold exceeded
  • Auth failure rate threshold exceeded
  • User lockout detected
  • HA status is changed[/ul]

     

    As far as I know, there isn't support to read the HA state using SNMP, you can read the raw values for some of the above such as Auth Failure Count, etc.

     

    The Fortinet OID starts at 1.3.6.1.4.1.12356.

     

    The Fortiauthenticator OID starts at 1.3.6.1.4.1.12356.113.1 (facSystem) this includes basic information such as Model (1), Serial (2), Version (3), CPU (4), Memory (5) and Disk Usage (6).

    There are further values that can be read at 1.3.6.1.4.1.12356.113.1.202 (facAuth)

     

    I think you should be able to download the MIB from your Fortinet device under System > Administration > SNMP.

     

     

     

  • Labels
    Top Kudoed Authors