Fortinet white logo
Fortinet white logo

Session-Aware Load Balancing Cluster Guide

5.2.11

Managing the FortiControllers (including SNMP and FortiManager)

Managing the FortiControllers (including SNMP and FortiManager)

You can manage the primary FortiController using the IP address of its mgmt interface, set up when you first configured the primary FortiController. You can use this address for GUI access, CLI access, SNMP queries and FortiManager access.

The only way to remotely manage a secondary FortiController is by using the SLBC External Management IP and a special port number. See Managing the FortiControllers (including SNMP and FortiManager). You can also connect to the primary or secondary FortiController’s console port.

FortiManager supports managing the primary FortiController. It may take some time after a new FortiController model is released for FortiManager to support it. Managing secondary FortiControllers with FortiManager is not recommended.

To manage a FortiController using SNMP you need to load the FORTINET-CORE-MIB.mib file into your SNMP manager. You can get this MIB file from the Fortinet support site, in the same location as the current FortiController firmware (select the FortiSwitchATCA product). You also need to configure SNMP settings (usually on the primary FortiController. The SNMP configuration is synchronized to the secondary FortiControllers.

First, enable SNMP access on the mgmt interface. Then from the CLI, configure system information. Make sure to set status to enable:

config system snmp sysinfo

set contact-info <string>

set description <string>

set location <string>

set status {enable | disable}

set trap-high-cpu-treshold <percentage>

set trap-lowmemory-treshold <percentage>

end

Second add one or more SNMP communities:

config system snmp community

edit <index_integer>

set events {cpu-high | mem-low | ha-switch | ha-hb-member-up | ha-member-down | hbfail | hbrcv | tkmem-down | tkmem-up}

set name <name_string>

set query-v1-port <port_number>

set query-v1-status {enable | disable}

set query-v2c-port <port_number>

set query-v2c=status <port_number>

set status {enable | disable}

set trap-v1-lport <port_number>

set trap-v1-rport <port_number>

set trap-v1-status {enable | disable}

set trap-v2c-lport <port_number>

set trap-v2c-rport <port_number>

set trap-v2c-status {enable | disable}

end

FortiControllers can send SNMP traps for the following events:

  • cpu-high, cpu usage too high
  • mem-low, available memory too low
  • ha-switch, cluster status change
  • ha-hb-member-up, FortiController (cluster member) up
  • ha-member-down, FortiController (cluster member) down,
  • hbfail, heartbeat failure
  • hbrcv, heartbeat received
  • tkmem-down, worker (trunk member) down
  • tkmem-up, worker (trunk member) up

Managing the FortiControllers (including SNMP and FortiManager)

Managing the FortiControllers (including SNMP and FortiManager)

You can manage the primary FortiController using the IP address of its mgmt interface, set up when you first configured the primary FortiController. You can use this address for GUI access, CLI access, SNMP queries and FortiManager access.

The only way to remotely manage a secondary FortiController is by using the SLBC External Management IP and a special port number. See Managing the FortiControllers (including SNMP and FortiManager). You can also connect to the primary or secondary FortiController’s console port.

FortiManager supports managing the primary FortiController. It may take some time after a new FortiController model is released for FortiManager to support it. Managing secondary FortiControllers with FortiManager is not recommended.

To manage a FortiController using SNMP you need to load the FORTINET-CORE-MIB.mib file into your SNMP manager. You can get this MIB file from the Fortinet support site, in the same location as the current FortiController firmware (select the FortiSwitchATCA product). You also need to configure SNMP settings (usually on the primary FortiController. The SNMP configuration is synchronized to the secondary FortiControllers.

First, enable SNMP access on the mgmt interface. Then from the CLI, configure system information. Make sure to set status to enable:

config system snmp sysinfo

set contact-info <string>

set description <string>

set location <string>

set status {enable | disable}

set trap-high-cpu-treshold <percentage>

set trap-lowmemory-treshold <percentage>

end

Second add one or more SNMP communities:

config system snmp community

edit <index_integer>

set events {cpu-high | mem-low | ha-switch | ha-hb-member-up | ha-member-down | hbfail | hbrcv | tkmem-down | tkmem-up}

set name <name_string>

set query-v1-port <port_number>

set query-v1-status {enable | disable}

set query-v2c-port <port_number>

set query-v2c=status <port_number>

set status {enable | disable}

set trap-v1-lport <port_number>

set trap-v1-rport <port_number>

set trap-v1-status {enable | disable}

set trap-v2c-lport <port_number>

set trap-v2c-rport <port_number>

set trap-v2c-status {enable | disable}

end

FortiControllers can send SNMP traps for the following events:

  • cpu-high, cpu usage too high
  • mem-low, available memory too low
  • ha-switch, cluster status change
  • ha-hb-member-up, FortiController (cluster member) up
  • ha-member-down, FortiController (cluster member) down,
  • hbfail, heartbeat failure
  • hbrcv, heartbeat received
  • tkmem-down, worker (trunk member) down
  • tkmem-up, worker (trunk member) up