Integration with carrier CPE management tools
The following enhancements allow better integration with carrier CPE (customer premises equipment) management tools:
-
Add SNMP OIDs to collect the reason for a FortiGate reboot.
-
Add SNMP OIDs to collect traffic shaping profile and policy related configurations.
-
Add a description field on the modem interface that can be fetched over SNMP.
-
Bring a loopback or VLAN interface down when the link monitor fails.
-
Add DSCP and shaping class ID support on the link monitor probe.
-
Allow multiple link monitors with the same source and destination address, but different ports or protocols.
SNMP OIDs
Use the following SNMP OIDs to collect the reason for a FortiGate reboot:
- FORTINET-FORTIGATE-MIB:fortinet.fnFortiGateMib.fgSystem.fgSystemInfo.fgSysUpTimeDetail 1.3.6.1.4.1.12356.101.4.1.22
- FORTINET-FORTIGATE-MIB:fortinet.fnFortiGateMib.fgSystem.fgSystemInfo.fgSysRebootReason 1.3.6.1.4.1.12356.101.4.1.23
Use the following SNMP OIDs to collect traffic shaping profile and policy related configurations:
SNMP OID |
Comments |
Related FOS configuration |
---|---|---|
fgIntfBcCfgIfTable 1.3.6.1.4.1.12356.101.7.5.5.1 |
The OID index is interface's SNMP index. |
The SNMP result matches |
fgIntfCfgSproTable 1.3.6.1.4.1.12356.101.7.5.5.2 |
The OID index has format: |
The SNMP result matches the main configuration of |
fgIntfBcCfgSentTable 1.3.6.1.4.1.12356.101.7.5.5.3 |
The OID index has format: |
The SNMP result matches |
fgIntfBcCfgSpolTable 1.3.6.1.4.1.12356.101.7.5.5.4 |
The OID index has format: |
The SNMP result is matches |
CLI updates
To add a description on a modem interface:
- Configure the interface:
config system interface edit "modem" set vdom "root" set mode pppoe set type physical set description "this the is modem" set snmp-index 37 next end
- Run the SNMP walk in a third-party console:
ubuntu90:~$ snmpwalk -v2c -cpublic 172.18.18.160 1.3.6.1.2.1 | grep odem iso.3.6.1.2.1.2.2.1.2.37 = STRING: "this is the modem" iso.3.6.1.2.1.31.1.1.1.1.37 = STRING: "modem" iso.3.6.1.2.1.47.1.1.1.1.7.4 = STRING: "modem"
To bring a loopback or VLAN interface down when the link monitor fails:
- Configure the interfaces:
config system interface edit "loopback1" set vdom "root" set ip 1.2.3.4 255.255.255.255 set type loopback next edit "port1" set fail-detect enable set fail-detect-option detectserver link-down set fail-alert-interfaces loopback1 next end
- Configure the link monitor:
config system link-monitor edit linkmon1 set server 159.1.1.1 set interface "port1" set gateway-ip 28.1.1.159 set source-ip 28.1.1.160 next end
To configure DSCP and a shaping class ID on a link monitor:
config system link-monitor edit "monitor1" set srcintf "port1" set server "8.8.8.8" set gateway-ip 172.16.200.254 set source-ip 172.16.200.1 set diffservcode <binary> set class-id <id> set service-detection {enable | disable} next end
diffservcode <binary> |
Enter the differentiated services code point (DSCP) in the IP header of the probe packet, 6 bits binary (000000 - 111111) . |
class-id <id> |
Enter the class ID (taken from |
service-detection {enable | disable} |
Set the service detection:
|
If the traffic generated by the probe matches the configured shaping traffic class, it will honor the priority, guaranteed bandwidth percentage, and maximum bandwidth percentage of the queue.
To configure multiple link monitors with the same source and destination address:
config system link-monitor edit "monitor1" set srcintf "port1" set server "159.1.1.1" set protocol twamp set port 81 set gateway-ip 28.1.1.159 set source-ip 28.1.1.160 next edit "monitor2" set srcintf "port1" set server "159.1.1.1" set protocol twamp set port 82 set gateway-ip 28.1.1.159 set source-ip 28.1.1.160 set service-detection enable next end
In this example, different ports are used in each link monitor.