Hi
Struggling and troubleshooting for hours, I found out that FortiGate (FortiOS 7.0.9) only responds to SNMP on its management VDOM interfaces. So:
1. Is there any way to force it to respond to SNMP requests received on interfaces that are not members of the management VDOM? (For security purposes I don't want this VDOM routed into the internal network; I just use it for FortiGuard.)
2. How, using a VDOM link, can I configure SNMP requests to be routed to the management VDOM? I built a /30 link between the internal VDOM and the management VDOM. Should I make the management VDOM's /30 IP reachable from the monitoring device across the whole network? Is there a method to tell the device to route just SNMP packets to that IP? (Receive them on the internal VDOM, route them to the management VDOM through the VDOM link, get the response and send it back to the monitoring software.)
Or maybe there are better ways to do this.
Thanks
Yes, just use a FW policy that allows only SNMP (UDP/161) from the non-mgmt VDOM intf to the inter-VDOM link.
Hi,
It did not work, and as a matter of fact I wonder how it should work. The SNMP traffic reaches the non-management interface, and the box itself decides that it should be sent to the management interface, uses the rule and ... ?
Let me say again that just switching the management VDOM makes SNMP work. Meanwhile, maybe the pictures below are of some help. And BTW, I upgraded to FortiOS 7.2.
You need a policy in the root VDOM allowing traffic across the VDOM link. You need a policy in the management VDOM allowing traffic from the VDOM link to the relevant intf.
You need routing set up to work properly across the VDOM links.
Have you done all this?
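The pieces the replies above list (SNMP-only policy from the LAN interface to the inter-VDOM link, routing for the return path, SNMP access on the management side of the link), put together as an added example in FortiOS CLI; this is not the poster's or Fortinet's configuration. It assumes the /30 VDOM link the poster already built is named "mgmtlink", the VDOMs are "internal" and "mgmt", the LAN interface is "port2", the poller is 192.0.2.10 (constructed), and an SNMP community restricted to that host already exists in the global config.

```fortios
# Added example (not from the thread). Assumed: VDOMs "internal"/"mgmt", LAN port "port2",
# poller 192.0.2.10 (constructed), existing VDOM link "mgmtlink" using 10.255.255.0/30.
config global
    config system interface
        edit "mgmtlink0"
            set vdom "internal"
            set ip 10.255.255.1 255.255.255.252
        next
        edit "mgmtlink1"
            set vdom "mgmt"
            set ip 10.255.255.2 255.255.255.252
            set allowaccess snmp    # the agent answers only on the mgmt-VDOM side
        next
    end
end
config vdom
    edit "internal"
        config firewall address
            edit "snmp-poller"
                set subnet 192.0.2.10 255.255.255.255
            next
            edit "mgmt-link-ip"
                set subnet 10.255.255.2 255.255.255.255
            next
        end
        config firewall policy
            edit 0
                set name "snmp-to-mgmt-vdom"
                set srcintf "port2"
                set dstintf "mgmtlink0"
                set srcaddr "snmp-poller"
                set dstaddr "mgmt-link-ip"
                set action accept
                set schedule "always"
                set service "SNMP"    # UDP/161 only; nothing else crosses the link
            next
        end
    next
    edit "mgmt"
        config router static
            edit 0
                set dst 192.0.2.10 255.255.255.255
                set gateway 10.255.255.1
                set device "mgmtlink1"    # return route for replies to the poller
            next
        end
    next
end
```

The poller is pointed at 10.255.255.2, so the internal network only ever sees the link address, and the management VDOM's other interfaces stay unreachable from it.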
The above normally works for one device. But will this work for both devices in HA mode? I could manage to get this to work for only the primary device. If you're in HA and doing active-active, non-load-balancing or load-balancing, it didn't work for me.
Any suggestions?
Copyright 2024 Fortinet, Inc. All Rights Reserved.