Fortinet black logo

New Features

Add SNMP OIDs for shaping-related statistics

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:646001
Download PDF

Add SNMP OIDs for shaping-related statistics

Four SNMP OIDs have been added for polling the number of packets and bytes that either conform or discard by traffic shaping.

SNMP OID

Description

fgIntfBcQPackets 1.3.6.1.4.1.12356.101.7.5.4.1.1

Packets conform by shaping in the interface, policy, and class.

fgIntfBcQBytes 1.3.6.1.4.1.12356.101.7.5.4.1.2

Bytes conform by shaping in the interface, policy, and class.

fgIntfBcQPDrops 1.3.6.1.4.1.12356.101.7.5.4.1.3

Packets discard by shaping in the interface, policy, and class.

fgIntfBcQBDrops 1.3.6.1.4.1.12356.101.7.5.4.1.4

Bytes discard by shaping in the interface, policy, and class.

To configure an OID related to traffic shaping:
  1. Configure SNMP:
    config system snmp community
        edit 1
            set name "SNMP-TEST"
            config hosts
                edit 1
                    set ip 10.1.100.11 255.255.255.255
                next
                edit 2
                    set ip 172.16.200.55 255.255.255.255
                next
            end
            config hosts6
                edit 1
                    set ipv6 2000:172:16:200::55/128
                next
                edit 2
                    set ipv6 2000:10:1:100::11/128
                next
            end
            set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change fm-conf-change ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update faz-disconnect
        next
    end
  2. Configure the traffic shaping profile:
    config firewall shaping-profile
        edit "eth-shape-hierarchical"
            set comment "output shaper"
            set type queuing
            set default-class 31
            config classes
                edit 31
                    set class-id 31
                    set priority low
                    set maximum-bandwidth-percentage 100
                next
                edit 11
                    set class-id 11
                    set priority top
                    set guaranteed-bandwidth-percentage 50
                    set maximum-bandwidth-percentage 50
                    set limit 5
                next
                edit 12
                    set class-id 12
                    set priority critical
                    set guaranteed-bandwidth-percentage 20
                    set maximum-bandwidth-percentage 100
                    set red-probability 10
                    set min 5
                    set max 10
                next
            end
        next
    end
  3. Configure the traffic shaping policy:
    config firewall shaping-policy
        edit 11
            set comment "DIAMOND - 26 - AF31"
            set service "ALL"
            set dstintf "WAN"
            set diffserv-forward enable
            set diffservcode-forward 011010
            set class-id 11
            set srcaddr "HOST_10.71.15.2"
            set dstaddr "HOST_10.72.15.2"
        next
        edit 25
            set comment "GOLD - 20 - AF22"
            set service "ALL"
            set dstintf "WAN"
            set diffserv-forward enable
            set diffservcode-forward 010100
            set class-id 12
            set srcaddr "HOST_10.71.15.3"
            set dstaddr "HOST_10.72.15.3"
        next
    end
  4. Configure the traffic class:
    config firewall traffic-class
        edit 11
            set class-name "a"
        next
        edit 12
            set class-name "b"
        next
        edit 13
            set class-name "c"
        next
        edit 14
            set class-name "d"
        next
    end
  5. Configure the interface:
    config system interface
        edit "wan1"
            set vdom "root"
            set ip 172.16.200.1 255.255.255.0
            set allowaccess ping
            set type physical
            set outbandwidth 1024
            set egress-shaping-profile "eth-shape-hierarchical"
            set role lan
            set snmp-index 1
        next
    end
Sample query
$ snmpwalk -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.7.5.4.1.1
FORTINET-FORTIGATE-MIB::fgIntfBcQPackets.1.12 = Counter64: 11992
FORTINET-FORTIGATE-MIB::fgIntfBcQPackets.1.13 = Counter64: 2015
FORTINET-FORTIGATE-MIB::fgIntfBcQPackets.1.14 = Counter64: 2014
FORTINET-FORTIGATE-MIB::fgIntfBcQPackets.1.15 = Counter64: 1062
$ snmpwalk -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.7.5.4.1.2
FORTINET-FORTIGATE-MIB::fgIntfBcQBytes.1.12 = Counter64: 3021984
FORTINET-FORTIGATE-MIB::fgIntfBcQBytes.1.13 = Counter64: 507780
FORTINET-FORTIGATE-MIB::fgIntfBcQBytes.1.14 = Counter64: 507528
FORTINET-FORTIGATE-MIB::fgIntfBcQBytes.1.15 = Counter64: 266272
$ snmpwalk -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.7.5.4.1.3
FORTINET-FORTIGATE-MIB::fgIntfBcQPDrops.1.12 = Counter64: 15211
FORTINET-FORTIGATE-MIB::fgIntfBcQPDrops.1.13 = Counter64: 0
FORTINET-FORTIGATE-MIB::fgIntfBcQPDrops.1.14 = Counter64: 0
FORTINET-FORTIGATE-MIB::fgIntfBcQPDrops.1.15 = Counter64: 15267
$ snmpwalk -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.7.5.4.1.4
FORTINET-FORTIGATE-MIB::fgIntfBcQBDrops.1.12 = Counter64: 3833172
FORTINET-FORTIGATE-MIB::fgIntfBcQBDrops.1.13 = Counter64: 0
FORTINET-FORTIGATE-MIB::fgIntfBcQBDrops.1.14 = Counter64: 0
FORTINET-FORTIGATE-MIB::fgIntfBcQBDrops.1.15 = Counter64: 3816750

Add SNMP OIDs for shaping-related statistics

Four SNMP OIDs have been added for polling the number of packets and bytes that either conform or discard by traffic shaping.

SNMP OID

Description

fgIntfBcQPackets 1.3.6.1.4.1.12356.101.7.5.4.1.1

Packets conform by shaping in the interface, policy, and class.

fgIntfBcQBytes 1.3.6.1.4.1.12356.101.7.5.4.1.2

Bytes conform by shaping in the interface, policy, and class.

fgIntfBcQPDrops 1.3.6.1.4.1.12356.101.7.5.4.1.3

Packets discard by shaping in the interface, policy, and class.

fgIntfBcQBDrops 1.3.6.1.4.1.12356.101.7.5.4.1.4

Bytes discard by shaping in the interface, policy, and class.

To configure an OID related to traffic shaping:
  1. Configure SNMP:
    config system snmp community
        edit 1
            set name "SNMP-TEST"
            config hosts
                edit 1
                    set ip 10.1.100.11 255.255.255.255
                next
                edit 2
                    set ip 172.16.200.55 255.255.255.255
                next
            end
            config hosts6
                edit 1
                    set ipv6 2000:172:16:200::55/128
                next
                edit 2
                    set ipv6 2000:10:1:100::11/128
                next
            end
            set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change fm-conf-change ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update faz-disconnect
        next
    end
  2. Configure the traffic shaping profile:
    config firewall shaping-profile
        edit "eth-shape-hierarchical"
            set comment "output shaper"
            set type queuing
            set default-class 31
            config classes
                edit 31
                    set class-id 31
                    set priority low
                    set maximum-bandwidth-percentage 100
                next
                edit 11
                    set class-id 11
                    set priority top
                    set guaranteed-bandwidth-percentage 50
                    set maximum-bandwidth-percentage 50
                    set limit 5
                next
                edit 12
                    set class-id 12
                    set priority critical
                    set guaranteed-bandwidth-percentage 20
                    set maximum-bandwidth-percentage 100
                    set red-probability 10
                    set min 5
                    set max 10
                next
            end
        next
    end
  3. Configure the traffic shaping policy:
    config firewall shaping-policy
        edit 11
            set comment "DIAMOND - 26 - AF31"
            set service "ALL"
            set dstintf "WAN"
            set diffserv-forward enable
            set diffservcode-forward 011010
            set class-id 11
            set srcaddr "HOST_10.71.15.2"
            set dstaddr "HOST_10.72.15.2"
        next
        edit 25
            set comment "GOLD - 20 - AF22"
            set service "ALL"
            set dstintf "WAN"
            set diffserv-forward enable
            set diffservcode-forward 010100
            set class-id 12
            set srcaddr "HOST_10.71.15.3"
            set dstaddr "HOST_10.72.15.3"
        next
    end
  4. Configure the traffic class:
    config firewall traffic-class
        edit 11
            set class-name "a"
        next
        edit 12
            set class-name "b"
        next
        edit 13
            set class-name "c"
        next
        edit 14
            set class-name "d"
        next
    end
  5. Configure the interface:
    config system interface
        edit "wan1"
            set vdom "root"
            set ip 172.16.200.1 255.255.255.0
            set allowaccess ping
            set type physical
            set outbandwidth 1024
            set egress-shaping-profile "eth-shape-hierarchical"
            set role lan
            set snmp-index 1
        next
    end
Sample query
$ snmpwalk -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.7.5.4.1.1
FORTINET-FORTIGATE-MIB::fgIntfBcQPackets.1.12 = Counter64: 11992
FORTINET-FORTIGATE-MIB::fgIntfBcQPackets.1.13 = Counter64: 2015
FORTINET-FORTIGATE-MIB::fgIntfBcQPackets.1.14 = Counter64: 2014
FORTINET-FORTIGATE-MIB::fgIntfBcQPackets.1.15 = Counter64: 1062
$ snmpwalk -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.7.5.4.1.2
FORTINET-FORTIGATE-MIB::fgIntfBcQBytes.1.12 = Counter64: 3021984
FORTINET-FORTIGATE-MIB::fgIntfBcQBytes.1.13 = Counter64: 507780
FORTINET-FORTIGATE-MIB::fgIntfBcQBytes.1.14 = Counter64: 507528
FORTINET-FORTIGATE-MIB::fgIntfBcQBytes.1.15 = Counter64: 266272
$ snmpwalk -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.7.5.4.1.3
FORTINET-FORTIGATE-MIB::fgIntfBcQPDrops.1.12 = Counter64: 15211
FORTINET-FORTIGATE-MIB::fgIntfBcQPDrops.1.13 = Counter64: 0
FORTINET-FORTIGATE-MIB::fgIntfBcQPDrops.1.14 = Counter64: 0
FORTINET-FORTIGATE-MIB::fgIntfBcQPDrops.1.15 = Counter64: 15267
$ snmpwalk -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.7.5.4.1.4
FORTINET-FORTIGATE-MIB::fgIntfBcQBDrops.1.12 = Counter64: 3833172
FORTINET-FORTIGATE-MIB::fgIntfBcQBDrops.1.13 = Counter64: 0
FORTINET-FORTIGATE-MIB::fgIntfBcQBDrops.1.14 = Counter64: 0
FORTINET-FORTIGATE-MIB::fgIntfBcQBDrops.1.15 = Counter64: 3816750