FortiGate
adhawan
Staff
Article Id 256658
Description

This article explains why SNMP queries to a FortiGate time out, and its SNMP traps are not received, when 'ha-direct' is enabled in the SNMP community configuration, and how to confirm and fix it.

Scope

FortiGate.
Solution

The 'ha-direct' setting decides which interface FortiGate uses for SNMP. With it enabled, SNMP traps are sent, and SNMP queries are answered, through the HA reserved management interface instead of the regular data interfaces. It is meant for clusters where that interface has been set up (see 'set ha-mgmt-status' under 'config system ha').

In many cases 'ha-direct' is enabled under 'config system snmp community' (or 'config system snmp user') without that setup, which changes the traffic flow: snmpd no longer shows a listener on UDP port 161 in 'diag sys udpsock', and where the FortiGate does respond, the reply leaves through a different interface from which it may never be routed back to the requester. Enabling the option arbitrarily therefore results in SNMP requests that time out at the SNMP manager.

 

To check whether FortiGate has a listener on UDP port 161, run:

TORFW02 # diag sys udpsock | grep 161

0.0.0.0:2668->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90161112 process=337/dnsproxy

Only dnsproxy is listed, and it matches because its inode number (90161112) contains '161', not because of its port. No socket is bound to local port 161, so snmpd is not listening.

 

Solution:

 

Disable 'ha-direct' in the SNMP community hosts (and in any SNMPv3 user). The SNMP process then starts listening on port 161 on the FortiGate again.

 

For an SNMPv2c community:

config system snmp sysinfo
    set status enable
    set description "Dublin"
    set contact-info "fortinet@example.com"
    set location "Dublin, Ireland"
end

config system snmp community
    edit 2
        set name "Enter here the Community name"
        config hosts
            edit 1
                set ip 10.5.6.100 255.255.255.255
                set ha-direct disable
            next
        end
        set query-v1-status disable
        set trap-v1-status disable
        set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open temperature-high voltage-alert power-supply-failure faz-disconnect wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down load-balance-real-server-down device-new per-cpu-high dhcp pool-usage ospf-nbr-state-change ospf-virtnbr-state-change
    next
end

 

To verify that snmpd is listening on port 161 again, run:

 

PBTORFW02 # diag sys udpsock | grep 161

0.0.0.0:161->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90220553 process=19744/snmpd <----- Port 161 in use.

0.0.0.0:2668->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90161112 process=337/dnsproxy
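As an added example (not part of the Fortinet article), the following POSIX shell functions apply the two checks above to pasted CLI output in a way that a bare 'grep 161' cannot: the first inspects only the local port field of 'diag sys udpsock', so an inode such as 90161112 does not count as port 161; the second lists the SNMP community hosts whose 'ha-direct' is still enabled in a 'show system snmp community' dump. The udpsock lines are the ones from this article; the community configuration dump, the second host 10.5.6.101 and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the Fortinet article. Checks pasted FortiGate CLI
# output for (a) an snmpd listener on UDP/161 and (b) SNMP community hosts
# that still have ha-direct enabled.

# Constructed from the article's 'diag sys udpsock | grep 161' output,
# before and after ha-direct was disabled.
UDPSOCK_BEFORE='0.0.0.0:2668->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90161112 process=337/dnsproxy'
UDPSOCK_AFTER='0.0.0.0:161->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90220553 process=19744/snmpd
0.0.0.0:2668->0.0.0.0:0 state= txq=0 rxq=0 uid=0 inode=90161112 process=337/dnsproxy'

# Constructed 'show system snmp community' dump (host 10.5.6.101 is invented).
SNMP_CONFIG='config system snmp community
    edit 2
        set name "Enter here the Community name"
        config hosts
            edit 1
                set ip 10.5.6.100 255.255.255.255
                set ha-direct enable
            next
            edit 2
                set ip 10.5.6.101 255.255.255.255
                set ha-direct disable
            next
        end
    next
end'

# udp_listeners PORT UDPSOCK_OUTPUT
# Prints the name of each process whose socket has local port PORT.
# Only the "<addr>:<port>->" field is inspected, so "grep 161" false
# positives such as inode=90161112 are excluded.
udp_listeners() {
    printf '%s\n' "$2" | awk -v port="$1" '
        {
            split($1, ep, "->")        # local endpoint is the part before "->"
            n = split(ep[1], a, ":")   # the port is the last ":"-separated field
            if (a[n] != port) next
            for (i = 1; i <= NF; i++)
                if ($i ~ /^process=/) { sub(/^process=[0-9]+\//, "", $i); print $i }
        }'
}

# snmpd_listening UDPSOCK_OUTPUT -> exit status 0 if snmpd is bound to UDP/161
snmpd_listening() {
    udp_listeners 161 "$1" | grep -qx snmpd
}

# ha_direct_hosts CONFIG_DUMP
# Prints the IP of every 'config hosts' entry that has 'set ha-direct enable'.
# (For SNMPv3, 'set ha-direct' sits directly on the entry under
# 'config system snmp user' and carries no host IP.)
ha_direct_hosts() {
    printf '%s\n' "$1" | awk '
        $1 == "set" && $2 == "ip" { ip = $3 }
        $1 == "set" && $2 == "ha-direct" && $3 == "enable" { print ip }'
}

# Stand-alone run: reproduces the article's before/after result.
if snmpd_listening "$UDPSOCK_BEFORE"; then echo "before: snmpd on 161"; else echo "before: no snmpd on 161"; fi
if snmpd_listening "$UDPSOCK_AFTER";  then echo "after:  snmpd on 161";  else echo "after:  no snmpd on 161";  fi
echo "hosts still using ha-direct:"
ha_direct_hosts "$SNMP_CONFIG"
```

On a real unit, paste the output of 'diag sys udpsock' and 'show system snmp community' into the two variables; any IP printed by ha_direct_hosts is a host entry where 'set ha-direct disable' still needs to be applied before snmpd will show up on port 161.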
