Check Fortinet FortiGate Appliances (check_fortigate)
NEMS Linux makes it easy and affordable to monitor your Fortinet Fortigate devices and clusters via SNMP, complete with perf data.
check_fortigate requires NEMS Linux 1.7 or higher.
Veriage Disclaimer
Please note that Fortinet’s use of the terms “master” and “slave” to distinguish between primary and secondary devices is an industry-standard terminology in the context of networking hardware. While NEMS Linux respects the terminology used by Fortinet for its products, it’s essential to recognize that these terms can carry historical connotations and may not reflect the values of equity and inclusivity that we strive for in modern society. NEMS Linux is committed to supporting equity, diversity, and inclusion in all aspects of its development and operation.
Configuring Fortigate
From the Fortigate web interface:
Select Network -> Interface -> Local interface
Administrative Access: Enable SNMP
Select Config -> SNMP
Enable SNMP, fill your details
SNMP v1/v2c: Create new
Configure for your needs, Traps are not required for this plugin!
Available checkcommands
Check Fortigate Cluster
Check the status of a Fortigate cluster, providing information about the active/passive state and any warnings or critical alerts.
Check Command: check_fortigate_cluster
Parameters: Community Name (default: public)
Check Fortigate CPU
Monitor the CPU usage of a Fortigate device, ensuring that it remains within acceptable thresholds to maintain optimal network performance.
Check Command: check_fortigate_cpu
Parameters: Community Name (default: public)
Check Fortigate RAM
Monitor the RAM usage of a Fortigate device, ensuring that it remains within acceptable thresholds to prevent network performance degradation.
Check Command: check_fortigate_mem
Parameters: Community Name (default: public)
Check Fortigate Network
Monitor the network traffic on a Fortigate device, ensuring that it remains within acceptable thresholds to prevent congestion and bottlenecks.
Check Command: check_fortigate_net
Parameters: Community Name (default: public), Warning Bytes (default: 500000), Critical Bytes (default: 1000000)
Check Fortigate Sessions
Monitor the session count on a Fortigate device, ensuring that it remains within acceptable thresholds to prevent resource exhaustion.
Check Command: check_fortigate_ses
Parameters: Community Name (default: public), Warning Sessions (default: 4500), Critical Sessions (default: 6000)
Check Fortigate Slave CPU
Monitors the CPU usage of a slave unit in a Fortigate cluster, ensuring that it remains within acceptable thresholds for optimal performance.
Check Command: check_fortigate_slave_cpu
Parameters: Community Name (default: public)
Check Fortigate Slave RAM
Monitor the RAM usage of a slave unit in a Fortigate cluster, ensuring that it remains within acceptable thresholds to prevent performance degradation.
Check Command: check_fortigate_slave_mem
Parameters: Community Name (default: public)
Check Fortigate Slave Network
Monitor the network traffic on a slave unit in a Fortigate cluster, ensuring that it remains within acceptable thresholds to prevent congestion and bottlenecks.
Check Command: check_fortigate_slave_net
Parameters: Community Name (default: public), Warning Bytes (default: 500000), Critical Bytes (default: 1000000)
Check Fortigate Slave Sessions
This command monitors the session count on a slave unit in a Fortigate cluster, ensuring that it remains within acceptable levels to prevent resource exhaustion.
Check Command: check_fortigate_slave_ses
Parameters: Community Name (default: public), Warning Sessions (default: 4500), Critical Sessions (default: 6000)
Check Fortigate VPN
Monitor the status of VPN connections on a Fortigate device, ensuring that they are operational and secure. This check supports both IPSec and SSL/OpenVPN connections.
Check Command: check_fortigate_vpn
Parameters: Community Name (default: public), VPN Mode: ipsec, ssl, both (default: both)
Check Fortigate Access Points
Check the status of FortiAPs (WTPs) on a Fortigate device, ensuring that they are operational and properly configured.
Check Command: check_fortigate_wtp
Parameters: Community Name (default: public)
CLI Usage
check_fortigate.pl -H -C -T [-w|-c|-S|-s|-R|-M|-V|-?]
Options
- -H, --host STRING or IPADDRESS
Check interface on the indicated host.
- -P, --port INTEGER
Port of indicated host, defaults to 161.
- -v, --version STRING
SNMP Version, defaults to SNMP v2, v1-v3 supported.
- -T, --type STRING
CPU, MEM, Ses, VPN, Cluster, Firmware, HW, etc.
- -S, --serial STRING
Primary serial number.
- -s, --slave
Get values of slave.
- -w, --warning INTEGER
Warning threshold, applies to cpu, mem, session, firmware.
- -c, --critical INTEGER
Critical threshold, applies to cpu, mem, session, firmware.
- -R, --reset
Resets ip file (cluster only).
- -M, --mode STRING
Output-Mode: 0 => just print, 1 => print and show failed tunnel, 2 => critical.
- -V, --vpnmode STRING
VPN-Mode: both => IPSec & SSL/OpenVPN, ipsec => IPSec only, ssl => SSL/OpenVPN only.
SNMP v1/v2c only:
- -C, --community STRING
Community-String for SNMP, only at SNMP v1/v2c, defaults to public.
SNMP v3 only:
- -U, --username STRING
Username.
- -A, --authpassword STRING
Auth password.
- -a, --authprotocol STRING
Auth algorithm, defaults to sha.
- -X, --privpassword STRING
Private password.
- -x, --privprotocol STRING
Private algorithm, defaults to aes.
- -?, --help
Returns full help text.
Dependencies
These dependencies are preinstalled on NEMS Linux:
Net::SNMP
List::Compare
Getopt::Long
Pod::Usage
Switch
CLI Examples
To use SNMPv3 just replace -C public
with -v 3 -U username -A this_is_auth_string -a sha -x aes128 -X this_is_priv_string
.
Cluster:
$ check_fortigate.pl -H 192.168.123.100 -C public -T cluster
OK: Fortinet 300C (Master: FGSERIALMASTER, Slave: FGSERIALSLAVE): HA (Active/Passive) is active
- Warning if unknown node appears
- Critical if single node
- Optional: Critical, if preferred master (-S Serial) is not master
CPU:
$ check_fortigate.pl -H 192.168.123.100 -C public -T cpu
OK: Fortinet 300C (Master: FGSERIALMASTER) CPU is okay: 1%|'cpu'=1%;80;90
CPU-Slave:
$ check_fortigate.pl -H 192.168.123.100 -C public -T cpu -s
OK: Fortinet 300C (Master: FGSERIALMASTER) slave_CPU is okay: 5%|'slave_cpu'=5%;80;90
- Defaults: 80%/90%
Memory:
$ check_fortigate.pl -H 192.168.123.100 -C public -T mem
OK: Fortinet 300C (Master: FGSERIALMASTER) Memory is okay: 29%|'memory'=29%;80;90
Memory-Slave:
$ check_fortigate.pl -H 192.168.123.100 -C public -T mem
OK: Fortinet 300C (Master: FGSERIALMASTER) slave_M
Source
From https://github.com/riskersen/Monitoring/tree/master/fortigate