Fortinet Guide

From OpenNMS
Jump to navigation Jump to search
Tested for Versions
The instructions in this article have been tested against the following versions of OpenNMS.
Tested Against:
Version 1.12.8 tested by Fuhrmann
Version 1.12.9 tested by Fuhrmann
Version 14.0.0 tested by Fuhrmann
Version 15.0.0 tested by Fuhrmann
Version 16.0.0 tested by Fuhrmann
Version 17.0.0 tested by Fuhrmann

Monitoring Fortinet products - What's possible?

Fortinet products offer really good snmp support. They provide snmp data (eg. CPU, memory, MIB2 stuff et cetera) so OpenNMS is able to create data collections and almost all events can be send as snmp traps.

Fortinet requirements

Until firmware version 4 it was possible to configure snmp using the web ui. Since v5 you have to use the CLI. Fortinet provides a really good documentation to configure snmp.

Firmware 4 example:

Forti interface snmp.png

Forti snmp1.png

Forti snmp2.png

Maybe you have to add a firewall policy to allow your OpenNMS server access to your Fortinet.

OpenNMS requirements

SNMP data


Fortinet provides really useful snmp data. Since version 17 OpenNMS provides a new/revised datacollection. If you use an older version you have to add the datacollection configurations manually. You can get it here:

Note.png Datacollection Hint

OpenNMS needs a restart to apply changes.

Graph definition

Since version 17 OpenNMS provides also the graph definitions. If you use an older version please add the graph definition manually. You can get them here:

Example: Fortinet Graphs.png

Threshd package & thresholds

Example: Memory

/opt/opennms/etc/threshd-configuration.xml <syntaxhighlight lang="xml">

   <package name="TH-FN-MEMORY-H-70">
       <filter>categoryname == 'TH-FN-MEMORY-H-70' & nodeSysOID LIKE '.'</filter>
       <include-range begin="" end=""/>
       <include-range begin="::1" end="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"/>
       <service name="SNMP" interval="300000" user-defined="false" status="on">
           <parameter key="thresholding-group" value="TH-FN-MEMORY-H-70"/>


/opt/opennms/etc/thresholds.xml <syntaxhighlight lang="xml">

   <group name="TH-FN-MEMORY-H-70" rrdRepository="/opt/opennms/share/rrd/snmp/">
           description="Memory (RAM) usage high 70.0 and rearmed 60.0"
           type="high" ds-type="node" value="70.0" rearm="60.0"
           filterOperator="or" ds-name="fgSysMemUsage"/>

</syntaxhighlight> Further threshold templates can be found here.

Threshold notifications

Example: Memory <syntaxhighlight lang="xml">

   <notification name="TH-FN-MEMORY HIGH WARNING notification"
       status="on" writeable="yes">
       <subject>[TH][HIGH] #%noticeid%: %nodelabel% - FORTINET-MEMORY %parm[ds]% exceeded.</subject>
       <numeric-message>[HIGH] - (%parm[ds]% %parm[threshold]%/%parm[value]%) exceeded.</numeric-message>

</syntaxhighlight> Futher Fortinet threshold notifications can be found here.


Event defintions

OpenNMS provides a lot trap definitions for various Fortinet products.

Since version 17 OpenNMS provides all Fortinet trap definitions out of the box. If you are using an older OpenNMS you have to add the event definitions manually. You can download them here. Don't forget to delete the current Fortinet event file and include the new ones into /opt/opennms/etc/eventconf.xml. Just reload the event configuration or restart OpenNMS to apply the new events.

Warning.png Firmware mismatch!

For FortiCore and FortiGate event files there are two version based on the firmware you are using.

As the result, received traps should look like these:

Fortinet eventExamples.png

Trap notifications

Depending on your environment maybe every event needs a notification.


/opt/opennms/etc/notifications.xml <syntaxhighlight lang="xml"> <notification name="TRAP - FortiNet - PowerSuppyFailure" status="on" writeable="yes">

 <rule>(IPADDR IPLIKE *.*.*.*)</rule>
 <subject>Notice #%noticeid%: Power supply failure on node %nodelabel%.</subject>

</notification> </syntaxhighlight>

Further trap notification templates can be found here


Fortinet Thresholds
Fortinet Threshold Notifications
Fortinet Trap Notifications
Fortinet Support Portal