What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Fortigate 200D SNMP Traps to detect VPN Ipsec tunnels UP or Down

Votes:

0

Hello,

I need to detect when VPN Ipsec tunnels goes up or down. I had a Fortigate 200D and the Fortinet Support told me this:

OID 1.3.6.1.4.1.12356.101.1.1402.6.302 is a nonstandard trap and maps to the following: 

1.3.6.1.4.1.12356.101.1.1402.6.302 - .1. is the MIB for the Fortigate 
.1402 is the model which is the FG140 
.6 is the MIBOject fgMgmt 
.302 is the trapprefix for fgTrapVpnTunDown 

fgTrapVpnTunDown NOTIFICATION-TYPE 
OBJECTS { fnSysSerial, sysName, fgVpnTrapLocalGateway, 
fgVpnTrapRemoteGateway, fgVpnTrapPhase1Name } 
STATUS current 
DESCRIPTION 
"The specified VPN tunnel has been brought down." 
::= { fgTrapPrefix 302 }

1.3.6.1.4.1.12356.101.2.0.301 - Indicates that the specified VPN tunnel has been brought up.

in PRTG I created a SNMP Trap sensor, I put in Include Filter = bindings[1.3.6.1.4.1.12356.101.12.3.4.0] AND spectrap[301-302]

and when vpn tunnel goes UP or DOWN log this:

SpecTrap 302=vpn down

05.09.2017 11:42:15 11.71.132.1 xx.xx.xx.xx SNMPv2-SMI::enterprises.12356.101.1.2005 SNMPv2-SMI::enterprises.12356.100.1.1.1.0 = FG200D_serialnumber
RFC1213-MIB::sysName.0 = FG200D-FW
SNMPv2-SMI::enterprises.12356.101.12.3.2.0 = xx.xx.xx.xx (fortigate external ip)
SNMPv2-SMI::enterprises.12356.101.12.3.3.0 = xx.xx.xx.xx (remote vpn client ip)
SNMPv2-SMI::enterprises.12356.101.12.3.4.0 = VPNxxxxx_0 (tunnel name)

So, I need to get an email notificación when each tunnel up or down with all this info:

SMI::enterprises.12356.100.1.1.1.0 = FG200D_serialnumber
RFC1213-MIB::sysName.0 = FG200D-FW
SNMPv2-SMI::enterprises.12356.101.12.3.2.0 = xx.xx.xx.xx (fortigate external ip)
SNMPv2-SMI::enterprises.12356.101.12.3.3.0 = xx.xx.xx.xx (remote vpn client ip)
SNMPv2-SMI::enterprises.12356.101.12.3.4.0 = VPNxxxxx_0 (tunnel name)

fortigate snmptraps vpn-tunnel

Created on Sep 5, 2017 3:11:02 PM

Last change on Sep 6, 2017 4:51:11 AM by Sven Roggenhofer [Paessler Technical Support]



1 Reply

Votes:

0

Hey sgaribaldi,
Thanks for your KB-posting.

Actually, it is not possible to grab the information of a distinct trap message and forward it in a notification using our SNMP Trap Receiver sensor, I'm afraid.

However, if you want to monitor the status (and the traffic) of your VPN tunnels, we recommend to use our Fortigate device template. Using this template, you can see several health metrics of your device and information about the VPN tunnels as well.

Best regards,
Sven

Created on Sep 6, 2017 4:57:30 AM by Sven Roggenhofer [Paessler Technical Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.