This script is used to check IPSEC and VPN tunnels on Fortigate units.
Current Version
Last Release Date
2011-08-02
Owner
Gerrit
License
GPL
Compatible With
Fortigate VPN connections pre v4MR2
Fortigate VPN connections v4MR2 and later
These scripts were originally written to monitor several VPN tunnels on a Fortigate 200A. They also work on other Fortigates. They were tested on Groundwork Nagios v2 and OPSview v3.13.0, and should also work with other versions.
The plugin reports the number of SSL VPN sessions and the number of active IPSEC sessions. If an IPSEC session is down, that session is also printed and the state changes to WARNING. If 2 or more IPSEC sessions are down, the state changes to CRITICAL.
The last update provides two scripts:
check_fortigate_vpn for FortiOS v4MR1 and older.
check_fortigate_vpn.pl for FortiOS v4MR2 and newer.
(Unfortunately, Fortinet has changed the OIDs for the Fortigate units.)
The syntax is:
check_fortigate_vpn -H host -C community -M modus -T vpn-type -f
Example:
./check_fortigate_vpn -H 172.16.6.100 -C public -M 0
Fortigate 200B: OK, Active SSL-VPN Connections/Tunnels: 1/1, IPSEC Tunnels: Configured/Active: 7/2
It'd be great to just check select VPN tunnel status, like how we can with http://localhost/directory/Plugins/Hardware/Network-Gear/Others/SonicWALL-VPN-check/details. Or is it possible with this plugin itself? Thanks.
@sebastiaopburnay: You can change the type in line 172:
-version => 2,
Change it to
-version => 1,
But my recommendation for the developer is to improve the customizability of the script. Many parameters could be fetched by user input. Would make things easier, f. e. the SNMP version. But also, f. e., what if you want to check one specific IPSEC tunnel? One example: You have a Fortigate with one tunnel to Headquarter, and IT department of Headquarter wants to check the status of exactly this specific tunnel. But there're other tunnels to other branches, which are unnecessary for IT department at HQ. This is one thing you have to modify yourself if you need this feature. Other than that, it's helpful in general. Thanks.
Hi! I am trying your script to check a FortiGate-100D. But I always get «SNMP service is not available on at ./check_fortigate_vpn.pl line 187» and an exit code of 255. I think it is related to the SNMP version; this particular Fortigate only has v1 enabled and not v2c nor v3. I've noticed you use a series of Perl functions, but I don't understand how I can hardcode SNMP v1 on those:
- get_snmp_session($ip, $community);
- get_snmp_value($session, $oid_unitdesc);
- get_snmp_table($session, $oid_ipsectuntableroot . $oidf_tunndx);
- close_snmp_session($session);
- get_snmp_request($session, $oid)
Can you please tell me how I can force the SNMP version? Thank you