Scenario:
Make: FortiGate & Zabbix
Model: Zabbix v 5.x upto 7.x, FortiOS v 7.2.8 or above
Mode: Command Line Interface [CLI]
Description: In this article, we will discuss a stepwise method of how to resolve the SNMP polling issue in FortiGate HA management interface with Zabbix.
Problem
Sometimes when FortiGate firewalls are added to the Zabbix System for monitoring, the SNMP fails especially when the FortiGate firewalls are having HA management interface. Here we will discuss how to resolve that issue. The error you get is “Timeout while connecting to 10.1.1.1:161“
Refer to the article for How to add a SNMP host into Zabbix system.
Refer to the below article to Configure FortiGate Firewalls for Zabbix Monitoring System
Solution
To solve the issue, we would need to enable HA Direct for both SNMPv2 & SNMPv3. Follow the steps mentioned below to solve the issue.
a. Changes required for SNMPv2
edledge-fw# config system snmp community
edit 1
# config hosts
edit 1
set ha-direct enable
set ip 10.1.1.1 255.255.255.0
next
next
end
b. Changes required for SNMPv3
edledge-fw# config system snmp community
edit 1
set ha-direct enable
set ip 10.1.1.1 255.255.255.0
next
end
If there is more than one HA management port configured, a specific management port can be used for SNMP communication.
In the below configuration, the ‘mgmt1‘ port has been used for SNMP communication.
edledge-fw# config system ha
set ha-mgmt-status enable
# config ha-mgmt-interfaces
edit 1
set interface mgmt1
set dst 10.1.1.1 255.255.255.0
set gateway 10.1.2.254
next
edit 2
set interface mgmt2
set gateway 10.1.2.254
next
end
These changes will be solve the SNMP polling issue of FortiGate firewalls with Zabbix System.
Other important Topics
- How to selectively route Interface traffic via an ISP in Cisco ASA
- How to Install Git on Windows Machines
- Policy Based Routing or PBR with PPPoE Link on Cisco ASA
- How to raise RMA or Replacement of a Faulty Ubiquiti Unifi Device
- How to Install Git on Linux Machines
Source: Knowledge Base, Lab, FortiGate
EA00162