Posts Tagged

Firewall

Monitor the cluster on Fortinet devices. New OID

Updating firmwares from Fortinet v4.0 MR2 to MR3, the “cluster-check” was no more working on OpenNMS. After searching on Fortinet Knowledge base pages I figured out that Fortinet has changed the OID for the cluster checks. This is the new OID:

### cluster is up and running ###
[root@nms2 ~]# snmpwalk -v2c –c public  fwIP 1.3.6.1.4.1.12356.101.13.2.1.1.1
SNMPv2-SMI::enterprises.12356.101.13.2.1.1.1.1 = INTEGER: 1
SNMPv2-SMI::enterprises.12356.101.13.2.1.1.1.2 = INTEGER: 2
### cluster is down ###
[root@nms2 ~]# snmpwalk -v2c –c public  fwIP 1.3.6.1.4.1.12356.101.13.2.1.1.1
SNMPv2-SMI::enterprises.12356.101.13.2.1.1.1.1 = INTEGER: 1

To add the new service we just need to add this monitor on the file poller-configuration.xml.

<service name="FortinetCluster" interval="300000"
            user-defined="false" status="on">
            <parameter key="retry" value="1"/>
            <parameter key="timeout" value="3000"/>
            <parameter key="port" value="161"/>
            <parameter key="oid" value="1.3.6.1.4.1.12356.101.13.2.1.1.1"/>
            <parameter key="operator" value="&lt;"/>
            <parameter key="operand" value="3"/>
            <parameter key="walk" value="true"/>
            <parameter key="match-all" value="count"/>
            <parameter key="minimum" value="2"/>
            <parameter key="maximum" value="2"/>
</service>

As a final step the only thing missing is to add this service to the interested nodes (your updated Fortigates).