Fortinet black logo

New Features

SNMP polling extensions to support new OIDs 6.4.2

Copy Link
Copy Doc ID de1e129a-0283-11ea-8977-00505692583a:32869
Download PDF

SNMP polling extensions to support new OIDs 6.4.2

New OIDs are added to support SNMP query for license details and IPsec tunnels.

To configure SNMP:
config system snmp community
    edit 1
        set name "SNMP-TEST"
        config hosts
            edit 1
                set ip 10.1.100.11 255.255.255.255
            next
            edit 2
                set ip 172.16.200.55 255.255.255.255
            next
        end
        config hosts6
            edit 1
                set ipv6 2000:172:16:200::55/128
            next
            edit 2
                set ipv6 2000:10:1:100::11/128
            next
        end
        set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change fm-conf-change ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update faz-disconnect
    next
end

License details

New OIDs are added in fgSystemInfoAdvanced to support SNMP query for license details, including the following two tables.

fgLicContracts 1.3.6.1.4.1.12356.101.4.6.3.1

snmpwalk -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.4.6.3.1
FORTINET-FORTIGATE-MIB::fgLicContractCount.0 = INTEGER: 28
FORTINET-FORTIGATE-MIB::fgLicContractDesc.1 = STRING: Hardware
FORTINET-FORTIGATE-MIB::fgLicContractDesc.2 = STRING: Enhanced
FORTINET-FORTIGATE-MIB::fgLicContractDesc.3 = STRING: Firmware & general updates
FORTINET-FORTIGATE-MIB::fgLicContractDesc.4 = STRING: FortiClient
FORTINET-FORTIGATE-MIB::fgLicContractDesc.5 = STRING: Webfilter
FORTINET-FORTIGATE-MIB::fgLicContractDesc.6 = STRING: Virus Definitions
FORTINET-FORTIGATE-MIB::fgLicContractDesc.7 = STRING: Security Rating license
FORTINET-FORTIGATE-MIB::fgLicContractDesc.8 = STRING: SPRT
...
fgLicVersions 1.3.6.1.4.1.12356.101.4.6.3.2           

snmpwalk -v2c -c SNMP-TEST  172.16.200.1 1.3.6.1.4.1.12356.101.4.6.3.2 (Version info)
FORTINET-FORTIGATE-MIB::fgLicVersionCount.0 = INTEGER: 25
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.1 = STRING: Application Definitions
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.2 = STRING: Virus Definitions
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.3 = STRING: Extended set
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.4 = STRING: Extreme set
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.5 = STRING: Mobile Malware Definitions
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.6 = STRING: Flow-based Virus Definitions
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.7 = STRING: Botnet Domain Database
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.8 = STRING: Attack Definitions
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.9 = STRING: Attack Extended Definitions
...

IPsec tunnels

New OIDs are added in fgVpn to support SNMP query for IPv4 and IPv6 IPsec tunnels, including the following two tables.

fgVpn2DialupTable 1.3.6.1.4.1.12356.101.12.4.1

snmpwalk  -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.12.4.1
FORTINET-FORTIGATE-MIB::fgVpn2DialupIndex.1 = INTEGER: 1
FORTINET-FORTIGATE-MIB::fgVpn2DialupIndex.2 = INTEGER: 2
FORTINET-FORTIGATE-MIB::fgVpn2DialupIndex.3 = INTEGER: 3
FORTINET-FORTIGATE-MIB::fgVpn2DialupIndex.4 = INTEGER: 4
FORTINET-FORTIGATE-MIB::fgVpn2DialupIndex.5 = INTEGER: 5
FORTINET-FORTIGATE-MIB::fgVpn2DialupIndex.6 = INTEGER: 6
FORTINET-FORTIGATE-MIB::fgVpn2DialupGatewayType.1 = INTEGER: ipv6(2)
FORTINET-FORTIGATE-MIB::fgVpn2DialupGatewayType.2 = INTEGER: ipv6(2)
FORTINET-FORTIGATE-MIB::fgVpn2DialupGatewayType.3 = INTEGER: ipv4(1)
FORTINET-FORTIGATE-MIB::fgVpn2DialupGatewayType.4 = INTEGER: ipv4(1)
FORTINET-FORTIGATE-MIB::fgVpn2DialupGatewayType.5 = INTEGER: ipv4(1)
FORTINET-FORTIGATE-MIB::fgVpn2DialupGatewayType.6 = INTEGER: ipv4(1)
...
fgVpn2TunTable 1.3.6.1.4.1.12356.101.12.4.2

snmpwalk  -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.12.4.2 (Tunnel VPN)
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.3.1 = STRING: tovd6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.4.1 = STRING: tovd7
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.6.1 = STRING: dailToVd1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.7.1 = STRING: vd3-dial-vd1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.8.1 = STRING: spoke1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.8.2 = STRING: spoke1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.9.2 = STRING: spoke1v6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.9.3 = STRING: spoke1v6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.10.1 = STRING: Spoke2
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.10.2 = STRING: Spoke2
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.11.1 = STRING: spoke2v6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.12.1 = STRING: tovd1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.13.1 = STRING: vd7to1-ip6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.3.1 = STRING: tovd6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.4.1 = STRING: tovd7
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.6.1 = STRING: dailToVd1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.7.1 = STRING: vd3-to-vd1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.8.1 = STRING: spoke1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.8.2 = STRING: spoke1-v2
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.9.2 = STRING: spoke1v6-2
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.9.3 = STRING: spoke1v6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.10.1 = STRING: Spoke2
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.10.2 = STRING: spoke2-p2
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.11.1 = STRING: spoke2v6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.12.1 = STRING: tovd1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.13.1 = STRING: vd7to1-ip6
FORTINET-FORTIGATE-MIB::fgVpn2TunRemGwyIpType.3.1 = INTEGER: ipv4(1)
FORTINET-FORTIGATE-MIB::fgVpn2TunRemGwyIpType.4.1 = INTEGER: ipv6(2)
FORTINET-FORTIGATE-MIB::fgVpn2TunRemGwyIpType.6.1 = INTEGER: ipv4(1)
...

SNMP polling extensions to support new OIDs 6.4.2

New OIDs are added to support SNMP query for license details and IPsec tunnels.

To configure SNMP:
config system snmp community
    edit 1
        set name "SNMP-TEST"
        config hosts
            edit 1
                set ip 10.1.100.11 255.255.255.255
            next
            edit 2
                set ip 172.16.200.55 255.255.255.255
            next
        end
        config hosts6
            edit 1
                set ipv6 2000:172:16:200::55/128
            next
            edit 2
                set ipv6 2000:10:1:100::11/128
            next
        end
        set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change fm-conf-change ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update faz-disconnect
    next
end

License details

New OIDs are added in fgSystemInfoAdvanced to support SNMP query for license details, including the following two tables.

fgLicContracts 1.3.6.1.4.1.12356.101.4.6.3.1

snmpwalk -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.4.6.3.1
FORTINET-FORTIGATE-MIB::fgLicContractCount.0 = INTEGER: 28
FORTINET-FORTIGATE-MIB::fgLicContractDesc.1 = STRING: Hardware
FORTINET-FORTIGATE-MIB::fgLicContractDesc.2 = STRING: Enhanced
FORTINET-FORTIGATE-MIB::fgLicContractDesc.3 = STRING: Firmware & general updates
FORTINET-FORTIGATE-MIB::fgLicContractDesc.4 = STRING: FortiClient
FORTINET-FORTIGATE-MIB::fgLicContractDesc.5 = STRING: Webfilter
FORTINET-FORTIGATE-MIB::fgLicContractDesc.6 = STRING: Virus Definitions
FORTINET-FORTIGATE-MIB::fgLicContractDesc.7 = STRING: Security Rating license
FORTINET-FORTIGATE-MIB::fgLicContractDesc.8 = STRING: SPRT
...
fgLicVersions 1.3.6.1.4.1.12356.101.4.6.3.2           

snmpwalk -v2c -c SNMP-TEST  172.16.200.1 1.3.6.1.4.1.12356.101.4.6.3.2 (Version info)
FORTINET-FORTIGATE-MIB::fgLicVersionCount.0 = INTEGER: 25
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.1 = STRING: Application Definitions
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.2 = STRING: Virus Definitions
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.3 = STRING: Extended set
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.4 = STRING: Extreme set
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.5 = STRING: Mobile Malware Definitions
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.6 = STRING: Flow-based Virus Definitions
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.7 = STRING: Botnet Domain Database
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.8 = STRING: Attack Definitions
FORTINET-FORTIGATE-MIB::fgLicVersionDesc.9 = STRING: Attack Extended Definitions
...

IPsec tunnels

New OIDs are added in fgVpn to support SNMP query for IPv4 and IPv6 IPsec tunnels, including the following two tables.

fgVpn2DialupTable 1.3.6.1.4.1.12356.101.12.4.1

snmpwalk  -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.12.4.1
FORTINET-FORTIGATE-MIB::fgVpn2DialupIndex.1 = INTEGER: 1
FORTINET-FORTIGATE-MIB::fgVpn2DialupIndex.2 = INTEGER: 2
FORTINET-FORTIGATE-MIB::fgVpn2DialupIndex.3 = INTEGER: 3
FORTINET-FORTIGATE-MIB::fgVpn2DialupIndex.4 = INTEGER: 4
FORTINET-FORTIGATE-MIB::fgVpn2DialupIndex.5 = INTEGER: 5
FORTINET-FORTIGATE-MIB::fgVpn2DialupIndex.6 = INTEGER: 6
FORTINET-FORTIGATE-MIB::fgVpn2DialupGatewayType.1 = INTEGER: ipv6(2)
FORTINET-FORTIGATE-MIB::fgVpn2DialupGatewayType.2 = INTEGER: ipv6(2)
FORTINET-FORTIGATE-MIB::fgVpn2DialupGatewayType.3 = INTEGER: ipv4(1)
FORTINET-FORTIGATE-MIB::fgVpn2DialupGatewayType.4 = INTEGER: ipv4(1)
FORTINET-FORTIGATE-MIB::fgVpn2DialupGatewayType.5 = INTEGER: ipv4(1)
FORTINET-FORTIGATE-MIB::fgVpn2DialupGatewayType.6 = INTEGER: ipv4(1)
...
fgVpn2TunTable 1.3.6.1.4.1.12356.101.12.4.2

snmpwalk  -v2c -c SNMP-TEST 172.16.200.1 1.3.6.1.4.1.12356.101.12.4.2 (Tunnel VPN)
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.3.1 = STRING: tovd6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.4.1 = STRING: tovd7
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.6.1 = STRING: dailToVd1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.7.1 = STRING: vd3-dial-vd1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.8.1 = STRING: spoke1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.8.2 = STRING: spoke1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.9.2 = STRING: spoke1v6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.9.3 = STRING: spoke1v6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.10.1 = STRING: Spoke2
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.10.2 = STRING: Spoke2
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.11.1 = STRING: spoke2v6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.12.1 = STRING: tovd1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase1Name.13.1 = STRING: vd7to1-ip6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.3.1 = STRING: tovd6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.4.1 = STRING: tovd7
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.6.1 = STRING: dailToVd1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.7.1 = STRING: vd3-to-vd1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.8.1 = STRING: spoke1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.8.2 = STRING: spoke1-v2
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.9.2 = STRING: spoke1v6-2
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.9.3 = STRING: spoke1v6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.10.1 = STRING: Spoke2
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.10.2 = STRING: spoke2-p2
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.11.1 = STRING: spoke2v6
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.12.1 = STRING: tovd1
FORTINET-FORTIGATE-MIB::fgVpn2TunPhase2Name.13.1 = STRING: vd7to1-ip6
FORTINET-FORTIGATE-MIB::fgVpn2TunRemGwyIpType.3.1 = INTEGER: ipv4(1)
FORTINET-FORTIGATE-MIB::fgVpn2TunRemGwyIpType.4.1 = INTEGER: ipv6(2)
FORTINET-FORTIGATE-MIB::fgVpn2TunRemGwyIpType.6.1 = INTEGER: ipv4(1)
...