Fortigate SNMP monitoring

Fortigate SNMP monitoring

Technical Note: SNMP ifDescr missing in FortiOS 5.4

Description With FortiOS 5.2, and lower the “ifDescr” OID is systematically filled in with the interface name. 

This behavior was not compliant as per RFC 1213 that states: “ifDescr should be filled in with a textual string containing information about the interface. This string should include the name of the manufacturer, the product name and the version of the hardware interface.” 

Since  FortiOS 5.4 and above, the “ifDesc” OID now behaves as per RFC 1213 i.e. “ifDesc” OID is effectively filled in with the interface description, that is: 
– The “description” variable value of each specific interface (CLI) 
– The “comment” field value of each specific interface (GUI) 

To summarize, in FortiOS 5.4 and above: 
– ifDescr OID returns the interface description 
– ifAlias OID returns interface alias 
– ifName OID returns interface name 

On FortiGates running FortiOS 5.2.x, all interfaces by default have SNMP ifDescr MIB populated.$ snmpwalk -v3 -u blahblah -a MD5 -A blahblah1 -x DES -X blahblah1 -l authPriv -Oa 10.8.8.8 | grep -i descSNMPv2-MIB::sysDescr.0 = STRING: Fortigate v5.2.11SNMPv2-MIB::sysORDescr.1 = STRING:IF-MIB::ifDescr.1 = STRING: port1IF-MIB::ifDescr.2 = STRING: port2IF-MIB::ifDescr.3 = STRING: port3IF-MIB::ifDescr.4 = STRING: port4IF-MIB::ifDescr.5 = STRING: port5IF-MIB::ifDescr.6 = STRING: port6IF-MIB::ifDescr.7 = STRING: port7IF-MIB::ifDescr.8 = STRING: port8IF-MIB::ifDescr.9 = STRING: port9IF-MIB::ifDescr.10 = STRING: port10IF-MIB::ifDescr.13 = STRING: ssl.root

FortiGate running FortiOS 5.4.x the default SNMP ifDescr MIB values have changed
$ snmpwalk -v3 -u blahblah -a MD5 -A blahblah1 -x DES -X blahblah1 -l authPriv -Oa 10.8.8.8 | grep -i descSNMPv2-MIB::sysDescr.0 = STRING: Fortigate v5.4.5SNMPv2-MIB::sysORDescr.1 = STRING:IF-MIB::ifDescr.1 = STRING:IF-MIB::ifDescr.2 = STRING:IF-MIB::ifDescr.3 = STRING:IF-MIB::ifDescr.4 = STRING:IF-MIB::ifDescr.5 = STRING:IF-MIB::ifDescr.6 = STRING:IF-MIB::ifDescr.7 = STRING:IF-MIB::ifDescr.8 = STRING:IF-MIB::ifDescr.9 = STRING:IF-MIB::ifDescr.10 = STRING:IF-MIB::ifDescr.11 = STRING: Workaround

In FortiOS v5.4 you can get the port descriptions using the following MIB

IF-MIB:ifMIB.ifMIBObjects.ifXTable.ifXEntry – 1.3.6.1.2.1.31.1.1.1

Comments are closed.