Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
amorales
New Contributor

SNMP - Managed FortiSwitch

Hi, I would like to know if possible to monitor FortiSwitch devices using SNMP, and the best way to do it. I have found some Fortinet documentation about how to configure SNMP for managed FortiSwitch devices but I am not sure if queries should be send to FortiSwitch IP or towards the FortiGate IP. Keep in mind that I am using the default IP for FortiLink interface and it is not routed, so I cannot reach FortiSwitch devices IP from the SNMP server. Thanks in advance.

4 REPLIES 4
mike_dp
New Contributor

You have to set up multiple things :

From the Fortigate you need to set all the snmp stuff in CLI in the conf switch-controller snmp... sub menus. That way all the snmp configs will be pushed to all of your Fortiswitches. You will also need to allow the SNMP traffic to reach the fortilink interface with a policy. You will have to set that policy from CLI because the fortilink interface isn't in the drop down list when creating a policy.

The Fortiswitches needs to have a routable IP address so it's reachable from your SNMP server. You will need to set a static route to reach the snmp server, allow SNMP on the internal interface of the Fortiswitch.

Fortigate : 80E, 80F, 100E, 200F, 300E : 6.4.6

FortiAnalyzer, ForticlientEMS

Karar
New Contributor

I'm also trying to figure this out - I managed to get all the SNMP config onto my Fortiswitch that is managed via Fortilink by my Fortigate but I can't get a layer 3 address on it to use as the source of the SNMP traffic. I might go to TAC shortly if I can't get this figured out but if you get any luck let me know.

mike_dp
New Contributor

For layer 3 traffic you need to set an IP address on the Fortiswitch :

conf sys interface

edit internal

set mode static 

set ip address x.x.x.x x.x.x.x

next

 

you'll also need to set routing in the fortiswitch

conf router static

edit 1

set dst x.x.x.x x.x.x.x (snmp server subnet)

set gateway x.x.x.x (fortigate fortilink ip)

 

you'll have to route that subnet to your snmp server. to test you could ping from the fortiswitch the snmp server and make sure to allow that traffic in your fortigate policies.

 

 

 

 

 

 

 

Fortigate : 80E, 80F, 100E, 200F, 300E : 6.4.6

FortiAnalyzer, ForticlientEMS

ac1

Did you get a TAC response?