Description
This article discusses SNMP traps that are not received by FortiGate.
Scope
FortiGate.
Solution
To transmit log messages to the SNMP server, FortiGate uses the HA management interface. In many cases, ha-direct is enabled under config system snmp community, and this changes the traffic flow. If it is enabled arbitrarily, timeouts are possible: FortiGate does respond, but the response is sent on a different interface, from which the packet might not be routed back to the requester. The request then ends in a 'timeout'.
To verify whether SNMP port 161 is in use by FortiGate, run the command:
TORFW02 # diag sys udpsock | grep 161
0.0.0.0:2668->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90161112 process=337/dnsproxy
In this output no socket is bound to port 161. The only line returned belongs to dnsproxy on port 2668, and it matches the grep only because its inode number contains the digits 161.
Solution:
Disable 'ha-direct' inside the SNMP user and community. The SNMP process then starts listening on the FortiGate.
For SNMPv2:
config system snmp sysinfo
    set status enable
    set description "Dublin"
    set contact-info "fortinet@example.com"
    set location "Dublin, Ireland"
end
config system snmp community
    edit 2
        set name "Enter here the Community name"
        config hosts
            edit 1
                set ip 10.5.6.100 255.255.255.255
                set ha-direct disable
            next
        end
        set query-v1-status disable
        set trap-v1-status disable
        set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open temperature-high voltage-alert power-supply-failure faz-disconnect wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down load-balance-real-server-down device-new per-cpu-high dhcp pool-usage ospf-nbr-state-change ospf-virtnbr-state-change
    next
end
To verify that the SNMP process is listening again, run the command:
PBTORFW02 # diag sys udpsock | grep 161
0.0.0.0:161->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90220553 process=19744/snmpd <----- Port 161 in use.
0.0.0.0:2668->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90161112 process=337/dnsproxy
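Because grep 161 matches those digits anywhere in a line, a monitoring check should compare the local port field instead. The following is an added example, not part of the original article or Fortinet code: it parses saved diag sys udpsock output and reports which process is bound to port 161. The function names are hypothetical, and the line format is assumed to be exactly as shown in the two outputs above, which are reused as sample input.

```python
import re

# Socket line layout as shown in the article's output (assumed stable):
#   laddr:lport->raddr:rport key=value key=value ... process=PID/NAME
SOCK_RE = re.compile(r"^(\S+):(\d+)->(\S+):(\d+)\s+(.*)$")

# Sample input: the two outputs quoted in the article, annotation removed.
BEFORE = """TORFW02 # diag sys udpsock | grep 161
0.0.0.0:2668->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90161112 process=337/dnsproxy
"""
AFTER = """PBTORFW02 # diag sys udpsock | grep 161
0.0.0.0:161->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90220553 process=19744/snmpd
0.0.0.0:2668->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90161112 process=337/dnsproxy
"""

def parse_udpsock(text):
    """Return one dict per socket line; prompt and blank lines are skipped."""
    socks = []
    for line in text.splitlines():
        m = SOCK_RE.match(line.strip())
        if not m:
            continue
        laddr, lport, _raddr, _rport, rest = m.groups()
        # "state=" has an empty value; tokens without "=" are ignored.
        fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
        pid, _, name = fields.get("process", "").partition("/")
        socks.append({"laddr": laddr, "lport": int(lport), "pid": pid,
                      "process": name, "inode": fields.get("inode")})
    return socks

def listeners_on(text, port=161):
    """Sockets whose local port equals `port` (the check that matters)."""
    return [s for s in parse_udpsock(text) if s["lport"] == port]

def grep_hits(text, needle="161"):
    """Socket lines a plain substring grep would return, for comparison."""
    return [l for l in text.splitlines()
            if needle in l and SOCK_RE.match(l.strip())]

if __name__ == "__main__":
    for label, sample in (("ha-direct enabled", BEFORE),
                          ("ha-direct disabled", AFTER)):
        bound = [f'{s["process"]} (pid {s["pid"]})' for s in listeners_on(sample)]
        print(f"{label}: grep hits={len(grep_hits(sample))}, "
              f"bound to 161: {bound or 'none'}")
```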
Copyright 2024 Fortinet, Inc. All Rights Reserved.