[Fortinet] FortiGate HA failover Alert 설정

[Information]/[Fortinet] Fortigate

[Fortinet] FortiGate HA failover Alert 설정 - SNMP OID값

starterr 2025. 2. 17. 17:11

FortiGate 방화벽 내 SNMP를 이용하여 모니터링 시스템을 통해

장비의 OID 값을 수집하면 OID 값에 따라 다양한 정보를 받아서 변경된 결과값에 알람을 설정할 수 있다.

해당 방식으로 많은 고객사에서 모니터링 시스템을 구축하고 있으며, 실시간 모니터링 및 관제를 진행하고 있다.

이 글은 그중 Fortinet Fortigate 방화벽의 HA failover Alert 설정에 대한 정리내용이다.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setup-FortiGate-HA-failover-alert-on-SNMP-managers/ta-p/216711

Setup FortiGate HA failover alert on SNMP managers (OID)

about using 3rd party vendors to manage all the device, by get alerts when FortiGate HA status changes in the SNMP managers.Scope FortiGate, All Firmware.Solution To achieve this, one needs to use an OID. In the Simple Network Management Protocol (SNMP),

community.fortinet.com

- Technical Tip: Setup FortiGate HA failover alert on SNMP managers (OID)

Description

This article describes about using 3rd party vendors to manage all the device, by get alerts when FortiGate HA status changes in the SNMP managers.

Scope

 FortiGate, All Firmware.

Solution

To achieve this, one needs to use an OID.

In the Simple Network Management Protocol (SNMP), OID means an 'Object Identifier'.
To define OID, it's an address used to uniquely identify managed devices and their statuses.

In FortiGate there are two SNMP traps so, enable 'HA cluster status change and HA heartbeat interface failure'.
So that when there would be failover, The FortiGate will send ha cluster status change trap to the SNMP managers.

1) HA cluster status change (fgtraphastatuschange).
2) HA heartbeat interface failure (fgtraphahbfail).

OID for HA in FortiGate are those that can be mention in the SNMP manager.

OID	TRAPS	DESCRIPTION
1.3.6.1.4.1.12356.101.2.0.402	fgTrapHaStateChange	Trap being sent when the HA cluster member changes its state.
1.3.6.1.4.1.12356.101.2.0.401	fgTrapHaSwitch	The specified cluster member has transitioned from a slave role to a master role.
1.3.6.1.4.1.12356.101.2.0.403	fgTrapHaHBFail	The heartbeat device failure count has exceeded the configured threshold.
1.3.6.1.4.1.12356.101.2.0.404	fgTrapHaMemberDown	The specified device (by serial number) is moving to a down state.
1.3.6.1.4.1.12356.101.2.0.405	fgTrapHaMemberUp	A new cluster member has joined the cluster.

Once the required OID is mentioned and whenever the OID gets triggered user will receive an alert indicating changes happened as per the OID.

To get the values, one can do a SNMP walk for the OID values with any free SNMP walk software.

fgTrapHaSwitch - 1.3.6.1.4.1.12356.101.2.0.401

fgTrapHaStateChange - 1.3.6.1.4.1.12356.101.2.0.402

fgTrapHaHBFail - 1.3.6.1.4.1.12356.101.2.0.403

fgTrapHaMemberDown - 1.3.6.1.4.1.12356.101.2.0.404

fgTrapHaMemberUp - 1.3.6.1.4.1.12356.101.2.0.405

위 5개 값을 수집하여, 방화벽 HA Master <-> Slave 간 변경 정보를 수집하여, 빠르게 대응해 보자.

[Fortinet] Fortigate site to site IPsec VPN 설정 방법

A. Fortigate site to site IPsec VPN 설정방법 Fortigate site to site IPsec VPN 간단한 구성도- A, B Fortigate 간 VPN 연결- A Fortigate Internal IP 대역의 Host에서 B Fortigate Interal IP로 통신 시도- A Fortigate에서 VPN Tunnel을

infoofit.tistory.com

[Fortinet] Fortigate GUI에서 Packet Capture하는 방법

A. fortigate GUI에서 Packet Capture 하는 방법 해당 방법은 fortiOS 7.2.x 기준입니다. 하지만 버전별로 위치 또는 이름만 변경될 뿐, 다른 버전에서나 하는 방법은 거의 똑같습니다. 1) fortigate GUI > Network

infoofit.tistory.com