ssambandhan
Staff
Article Id 197447

Description


This article describes a legacy method to query some specific VDOM information using SNMP.

 

Scope


FortiGate v7.0 and earlier.

Solution


Note:

This is a legacy method for firmware versions that do not support SNMP for VDOMs. It is not recommended in most cases and only supports querying IP pool, BGP, OSPF and OSPFv3 information. In FortiOS v7.2 and later, SNMP fully supports VDOMs using the configuration described in Technical Tip: Configuring SNMP when VDOM is enabled

Querying VDOM-specific information is possible by using dedicated community strings, or custom SNMP users if using SNMPv3.

In this example, the FortiGate has the following VDOMs:

  • 'root' (Management VDOM).
  • 'One'.

The information to query is the OSPF configuration, which is different for each VDOM.

On 'root' VDOM:

 

config router ospf
    config area
        edit 0.0.0.4
        next
    end
    config network
        edit 1
            set prefix 192.168.174.0 255.255.255.0
            set area 0.0.0.4
        next
    end

end

 

On 'One' VDOM:

 

config router ospf
    config area
        edit 0.0.0.25
        next
    end
    config network
        edit 1
            set prefix 192.168.25.0 255.255.255.0
            set area 0.0.0.25
        next
    end
    …
end

 

SNMPv1/v2c.

Configure the community strings as described below:

The community 'private' is for general usage, and the 'private-One' community can query BGP/OSPF/OSPFv3/IP pool information from the VDOM 'One'.
The syntax to use for the community is as follows: <communityname>-<VDOM_Name>.

SNMPv3.
 
config system snmp user
    edit "fortinet"
        set security-level auth-priv
        set auth-pwd <auth_password>
        set priv-pwd <AES_key>
    next
    edit "fortinet-One"
        set security-level auth-priv
        set auth-pwd <auth_password>
        set priv-pwd <AES_key>
    next
end

Alternatively, configure the SNMPv3 users using the GUI.
 

 


Additional configuration (all SNMP versions):
Enable 'SNMP' access on the FortiGate interface which will be queried with SNMP. This interface must be part of the management VDOM.

 

If trusted hosts are configured on the FortiGate, the SNMP manager IP should be added to the list.
 
Query the FortiGate from the SNMP manager using the following SNMPv2c or SNMPv3 command to request OSPF information for the 'root' VDOM:

# snmpwalk -v2c -c private <FortiGate IP ADDRESS> 1.3.6.1.2.1.14
# snmpwalk -v3 -l authPriv -u fortinet -a SHA -A "<SHA-Password>" -x AES -X "<AES-Password>" <IPADDRESS of FortiGate> 1.3.6.1.2.1.14

Response:

SNMPv2-SMI::mib-2.14.1.1.0 = IpAddress: 0.0.0.0
SNMPv2-SMI::mib-2.14.1.2.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.3.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.4.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.5.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.6.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.7.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.8.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.9.0 = Counter32: 0
SNMPv2-SMI::mib-2.14.1.10.0 = Counter32: 0
SNMPv2-SMI::mib-2.14.1.11.0 = INTEGER: -1
SNMPv2-SMI::mib-2.14.1.12.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.13.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.14.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.15.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.16.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.17.0 = Gauge32: 1000000
SNMPv2-SMI::mib-2.14.1.18.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.19.0 = INTEGER: 60
SNMPv2-SMI::mib-2.14.1.20.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.21.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.22.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.23.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.24.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.25.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.26.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.27.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.28.0 = Timeticks: (0) 0:00:00.00
SNMPv2-SMI::mib-2.14.2.1.1.0.0.0.4 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.2.1.2.0.0.0.4 = NULL
SNMPv2-SMI::mib-2.14.2.1.3.0.0.0.4 = INTEGER: 1
SNMPv2-SMI::mib-2.14.2.1.4.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.5.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.6.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.7.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.8.0.0.0.4 = INTEGER: 0
SNMPv2-SMI::mib-2.14.2.1.9.0.0.0.4 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.10.0.0.0.4 = INTEGER: 3
SNMPv2-SMI::mib-2.14.2.1.11.0.0.0.4 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.12.0.0.0.4 = INTEGER: 3
SNMPv2-SMI::mib-2.14.2.1.13.0.0.0.4 = INTEGER: 40
SNMPv2-SMI::mib-2.14.2.1.14.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.1 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.2 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.3 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.4 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.7 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.10 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.1 = INTEGER: 1
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.2 = INTEGER: 2
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.3 = INTEGER: 3
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.4 = INTEGER: 4
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.7 = INTEGER: 7
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.10 = INTEGER: 10
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.1 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.2 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.3 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.7 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.10 = Gauge32: 0

Use a different community/user to get the OSPF information from the 'One' VDOM:

# snmpwalk -v2c -c private-One <FortiGate IPADDRESS> 1.3.6.1.2.1.14
# snmpwalk -v3 -l authPriv -u fortinet-One -a SHA -A "<SHA-Password>" -x AES -X "<AES-Password>" <IPADDRESS of FortiGate> 1.3.6.1.2.1.14

Response:
 
SNMPv2-SMI::mib-2.14.1.1.0 = IpAddress: 0.0.0.0
SNMPv2-SMI::mib-2.14.1.2.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.3.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.4.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.5.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.6.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.7.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.8.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.9.0 = Counter32: 0
SNMPv2-SMI::mib-2.14.1.10.0 = Counter32: 0
SNMPv2-SMI::mib-2.14.1.11.0 = INTEGER: -1
SNMPv2-SMI::mib-2.14.1.12.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.13.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.14.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.15.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.16.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.17.0 = Gauge32: 1000000
SNMPv2-SMI::mib-2.14.1.18.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.19.0 = INTEGER: 60
SNMPv2-SMI::mib-2.14.1.20.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.21.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.22.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.23.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.24.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.25.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.26.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.27.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.28.0 = Timeticks: (0) 0:00:00.00
SNMPv2-SMI::mib-2.14.2.1.1.0.0.0.25 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.2.1.2.0.0.0.25 = NULL
SNMPv2-SMI::mib-2.14.2.1.3.0.0.0.25 = INTEGER: 1
SNMPv2-SMI::mib-2.14.2.1.4.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.5.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.6.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.7.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.8.0.0.0.25 = INTEGER: 0
SNMPv2-SMI::mib-2.14.2.1.9.0.0.0.25 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.10.0.0.0.25 = INTEGER: 3
SNMPv2-SMI::mib-2.14.2.1.11.0.0.0.25 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.12.0.0.0.25 = INTEGER: 3
SNMPv2-SMI::mib-2.14.2.1.13.0.0.0.25 = INTEGER: 40
SNMPv2-SMI::mib-2.14.2.1.14.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.1 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.2 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.3 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.4 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.7 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.10 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.1 = INTEGER: 1
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.2 = INTEGER: 2
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.3 = INTEGER: 3
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.4 = INTEGER: 4
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.7 = INTEGER: 7
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.10 = INTEGER: 10
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.1 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.2 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.3 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.7 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.10 = Gauge32: 0
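
Added example (not part of the original article and not Fortinet code): a shell helper for the SNMP manager that builds the community name from the <communityname>-<VDOM_Name> convention above and extracts the OSPF area IDs (ospfAreaId, mib-2.14.2.1.1) from snmpwalk output, so the walks for two VDOMs can be compared. The function names are hypothetical, and the sample lines are copied from the two responses in this article.

```shell
#!/bin/sh
# Added example, not Fortinet code. Function names are hypothetical.

# vdom_community BASE VDOM [MGMT_VDOM]
# The management VDOM is queried with the plain community; any other VDOM
# uses <communityname>-<VDOM_Name>, as described in the article.
vdom_community() {
    if [ "$2" = "${3:-root}" ]; then
        printf '%s\n' "$1"
    else
        printf '%s-%s\n' "$1" "$2"
    fi
}

# ospf_areas: read snmpwalk output on stdin and print each OSPF area ID once.
# Only ospfAreaId (column 1 of ospfAreaTable, mib-2.14.2.1.1.<area>) is
# matched; both the default and the numeric (-On) OID output are accepted.
ospf_areas() {
    awk '$1 ~ /^(SNMPv2-SMI::mib-2|\.?1\.3\.6\.1\.2\.1)\.14\.2\.1\.1\./ &&
         $3 == "IpAddress:" { print $4 }' | sort -u
}

# walk_ospf HOST BASE VDOM: SNMPv2c walk of the OSPF subtree for one VDOM.
# Needs net-snmp and a reachable FortiGate, so it is defined but not run here.
walk_ospf() {
    snmpwalk -v2c -c "$(vdom_community "$2" "$3")" "$1" 1.3.6.1.2.1.14
}

# Sample lines copied from the two responses in the article.
ROOT_SAMPLE='SNMPv2-SMI::mib-2.14.1.2.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.1.0.0.0.4 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.2.1.10.0.0.0.4 = INTEGER: 3
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.1 = IpAddress: 0.0.0.4'
ONE_SAMPLE='SNMPv2-SMI::mib-2.14.1.2.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.1.0.0.0.25 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.2.1.10.0.0.0.25 = INTEGER: 3
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.1 = IpAddress: 0.0.0.25'

# Show which community each VDOM needs and which area IDs its walk returned.
for vdom in root One; do
    case $vdom in root) sample=$ROOT_SAMPLE ;; *) sample=$ONE_SAMPLE ;; esac
    printf '%s (community %s): areas %s\n' "$vdom" \
        "$(vdom_community private "$vdom")" \
        "$(printf '%s\n' "$sample" | ospf_areas | tr '\n' ' ')"
done
```

Against a live device, pipe the walk into the parser, for example `walk_ospf <FortiGate IP ADDRESS> private One | ospf_areas`.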