Quantcast
Channel: Johannes Weber – Weberblog.net
Viewing all articles
Browse latest Browse all 311

MRTG/Routers2: Template FortiGate

$
0
0
fd-wv-fw04.cfg-172.16.1.6_connections-ws-l2-r1

A few weeks ago I constructed an MRTG/Routers2 template for the Fortinet FortiGate firewalls. I am using it for monitoring the FortiGate from my MRTG/Routers2 server. With the basic MRTG tool “cfgmaker” all graphs for the interfaces are generated automatically. My template is an add-on that appends graphs for CPU, memory, and disk usage, as well as connections and VPN statistics. Furthermore, it implements the ping statistics graph and a “short summary”, which only shows the system relevant graphs.

Similar to all my other MRTG/Routers2 templates I constructed the configuration lines after investigating the MIBs from Fortinet via the MIB Browser. The MIBs can be downloaded directly from the FortiGate GUI under System -> Config -> SNMP. Great.

Note that this template is built upon a single vdom environment. I was running a FortiWiFi 90D with FortiOS v5.2.4, build688. Depending on the number of vdoms or processors, some of the OIDs in the template must be adjusted, e.g. the CPU usage or the VPN statistics.

cfgmaker Configuration

The first step is the generation of the basic *.cfg file for MRTG/Routers2. It adds all currently known interfaces from the FortiGate with their names. (Even the “zone” interfaces as well as the VPN IPsec tunnel interfaces, which is great!) Note that I am using a few more options such as the “show-op-down” or other global options. Please use Google if you don’t know their meaning. 😉

sudo cfgmaker --snmp-options=:::::2 --show-op-down --zero-speed=100000000 --global "routers.cgi*Icon: firewall3-sm.gif" --global "routers.cgi*GraphStyle[_]: mirror" --output=NAMEOFTHEFIREWALL.cfg COMMUNITY@IPADDRESS

You can delete all global options (expect the ones just created with the cfgmaker command) within the cfg file because they are not needed if running Routers2.

Template

The following template adds the OIDs/graphs for the usage of the CPU, memory, and disk. It also shows the connections (All and IPv6) as well as the VPN stats. (Note that the MIB allows for even more stats such as byte counts for each policy or counts for AV/IPS/whatever features. However, I have not implemented them here.) I am using the same coloring style as in all my other MRTG/Routers2 templates.

You can download my *.cfg template and follow the first comments inside the file which give hints about what to change (search and replace) in order to make the configuration usable for your environment:

Sample Graphs

After all, these graphs are generated:

CPU Memory Disk Usage Connections (All & IPv6) VPNs Normal Interface Statistics Ping Times

Especially, I am loving the connections graphs, which show the count for all (=IPv4 and IPv6) and IPv6-only connections. Great for a comparison of both protocols.


Viewing all articles
Browse latest Browse all 311

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>