This is a detailed guide on how monitor a Fortigate Firewall using SNMPv2 and Observium.
1. Configure SNMP on the Fortigate.
1.1 Add SNMP string and SNMP server (Observium Server IP) to Fortigate
The name in this instance is the community string to authenticate the agent and server “SNMPGUIDE!”.
config system snmp community edit 1 set name "SNMPGUIDE!" config hosts edit 1 set ip 91.203.x.x 255.255.255.255 next end set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open faz-disconnect wc-ap-up wc-ap-down next end
1.2 Allow access for SNMP on Fortigate interface.
You will need to set allowaccess for SNMP on the fortigate’s interface.
config system interface edit "wan1" set vdom "root" set ip 192.168.1.150 255.255.255.0 set allowaccess ping https ssh snmp
1.3 Add Observium IP address to trusted host of the Fortigate
config system admin edit "admin" set trusthost4 91.203.x.x 255.255.255.255
2. Add SNMP string and SNMP agent (Fortigate IP) to Observium
Under devices click new device. Add the end-point IP address of the Fortigate and the community string.
If all is well you should see confirmation that the device has been added successfully.
4.1 Make sure all settings match as per above IP addresses and Community strings.
4.2 Ensure traffic is being sent and reaching it’s destination.
diagnose sniffer packet any "port 161" diagnose sniffer packet any "host 91.203.x.x"
root@Syslog:~# tcpdump -i eth0 -port 161
You can specify a different port if your server is listening on a different port.
If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.
Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud
Thank you for reading and please feel free to leave any feedback.