FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssambandhan
Staff
Staff
Article Id 197447

Description
This article describes how to query specific VDOM Data using SNMPv1/v2.
OSPF information is being queried as an example.

NOTE:
Not all OID are supported with this method due to design limitations.
If there is a requirement to query specific OID’s via this method, contact our sales team to request a new feature.


Solution
Querying VDOM specific information is possible by using dedicated community strings.

In this example, FortiGate has the following VDOMs :
- 'root' (Management VDOM).
- 'One'.

The information to query is the OSPF configuration, which is different for each VDOM.

On 'root' VDOM:

# config router ospf
    config area
        edit 0.0.0.4
        next
    end
    config network
        edit 1
            set prefix 192.168.174.0 255.255.255.0
            set area 0.0.0.4
        next
    end

end

On 'One' VDOM :

# config router ospf
    config area
        edit 0.0.0.25
        next
    end
    config network
        edit 1
            set prefix 192.168.25.0 255.255.255.0
            set area 0.0.0.25
        next
    end
    …
end

Then, create 2 community strings like described on below screenshot:


 
The community 'private' is for general usage and 'private-One' community will allow us to query special information from another VDOM.
The syntax which should be use for the community is as follows: <communityname>-<VDOM_Name>.
In addition, it is required to enable 'SNMP' access on the FortiGate interface which will be queried with SNMP.


 

Note:
This interface has to be member of the Management VDOM, in this case 'root'.
If trusted hosts are configured on the FortiGate, the SNMP manager IP should be added to the list.
 
Query the FortiGate from the SNMP manager using following command to request OSPF information for “root” VDOM :
#snmpwalk -v2c -c private <FortiGate IPADDRESS> 1.3.6.1.2.1.14
Response:
SNMPv2-SMI::mib-2.14.1.1.0 = IpAddress: 0.0.0.0
SNMPv2-SMI::mib-2.14.1.2.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.3.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.4.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.5.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.6.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.7.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.8.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.9.0 = Counter32: 0
SNMPv2-SMI::mib-2.14.1.10.0 = Counter32: 0
SNMPv2-SMI::mib-2.14.1.11.0 = INTEGER: -1
SNMPv2-SMI::mib-2.14.1.12.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.13.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.14.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.15.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.16.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.17.0 = Gauge32: 1000000
SNMPv2-SMI::mib-2.14.1.18.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.19.0 = INTEGER: 60
SNMPv2-SMI::mib-2.14.1.20.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.21.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.22.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.23.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.24.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.25.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.26.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.27.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.28.0 = Timeticks: (0) 0:00:00.00
SNMPv2-SMI::mib-2.14.2.1.1.0.0.0.4 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.2.1.2.0.0.0.4 = NULL
SNMPv2-SMI::mib-2.14.2.1.3.0.0.0.4 = INTEGER: 1
SNMPv2-SMI::mib-2.14.2.1.4.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.5.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.6.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.7.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.8.0.0.0.4 = INTEGER: 0
SNMPv2-SMI::mib-2.14.2.1.9.0.0.0.4 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.10.0.0.0.4 = INTEGER: 3
SNMPv2-SMI::mib-2.14.2.1.11.0.0.0.4 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.12.0.0.0.4 = INTEGER: 3
SNMPv2-SMI::mib-2.14.2.1.13.0.0.0.4 = INTEGER: 40
SNMPv2-SMI::mib-2.14.2.1.14.0.0.0.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.1 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.2 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.3 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.4 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.7 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.4.10 = IpAddress: 0.0.0.4
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.1 = INTEGER: 1
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.2 = INTEGER: 2
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.3 = INTEGER: 3
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.4 = INTEGER: 4
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.7 = INTEGER: 7
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.4.10 = INTEGER: 10
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.1 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.2 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.3 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.7 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.4.10 = Gauge32: 0
Use a different community to get the OSPF information from “One” VDOM:
#snmpwalk -v2c -c private-One <FortiGate IPADDRESS> 1.3.6.1.2.1.14
Response:
SNMPv2-SMI::mib-2.14.1.1.0 = IpAddress: 0.0.0.0
SNMPv2-SMI::mib-2.14.1.2.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.3.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.4.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.5.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.6.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.7.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.8.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.9.0 = Counter32: 0
SNMPv2-SMI::mib-2.14.1.10.0 = Counter32: 0
SNMPv2-SMI::mib-2.14.1.11.0 = INTEGER: -1
SNMPv2-SMI::mib-2.14.1.12.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.13.0 = INTEGER: 0
SNMPv2-SMI::mib-2.14.1.14.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.15.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.16.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.17.0 = Gauge32: 1000000
SNMPv2-SMI::mib-2.14.1.18.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.19.0 = INTEGER: 60
SNMPv2-SMI::mib-2.14.1.20.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.21.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.22.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.23.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.24.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.25.0 = Gauge32: 0
SNMPv2-SMI::mib-2.14.1.26.0 = INTEGER: 2
SNMPv2-SMI::mib-2.14.1.27.0 = INTEGER: 1
SNMPv2-SMI::mib-2.14.1.28.0 = Timeticks: (0) 0:00:00.00
SNMPv2-SMI::mib-2.14.2.1.1.0.0.0.25 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.2.1.2.0.0.0.25 = NULL
SNMPv2-SMI::mib-2.14.2.1.3.0.0.0.25 = INTEGER: 1
SNMPv2-SMI::mib-2.14.2.1.4.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.5.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.6.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.7.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.2.1.8.0.0.0.25 = INTEGER: 0
SNMPv2-SMI::mib-2.14.2.1.9.0.0.0.25 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.10.0.0.0.25 = INTEGER: 3
SNMPv2-SMI::mib-2.14.2.1.11.0.0.0.25 = INTEGER: 2
SNMPv2-SMI::mib-2.14.2.1.12.0.0.0.25 = INTEGER: 3
SNMPv2-SMI::mib-2.14.2.1.13.0.0.0.25 = INTEGER: 40
SNMPv2-SMI::mib-2.14.2.1.14.0.0.0.25 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.1 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.2 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.3 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.4 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.7 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.1.0.0.0.25.10 = IpAddress: 0.0.0.25
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.1 = INTEGER: 1
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.2 = INTEGER: 2
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.3 = INTEGER: 3
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.4 = INTEGER: 4
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.7 = INTEGER: 7
SNMPv2-SMI::mib-2.14.20.1.2.0.0.0.25.10 = INTEGER: 10
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.1 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.2 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.3 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.4 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.7 = Gauge32: 0
SNMPv2-SMI::mib-2.14.20.1.3.0.0.0.25.10 = Gauge32: 0




 

Contributors