Many clients are connected via site-to-site VPN from a Fortinet firewall. I wish to monitor connectivity via NPM.
The "ADVPN" is just a regular interface.
You can monitor that + BGP or OSPF will let you know if you lost connectivity to the remote site.
A word of caution on this... If you go to the Fortinet FW and do a List Resources then you will likely see all your VPNs there. Now, you could tick the box next to the ones you want to monitor, but this pseudo interface does not show you the true state of the VPN. I am in an ongoing battle with Fortinet to get an answer but no joy thus far. See this thread: Fortigate firmware v7 VPN Status -Solarwinds widget for more details. It may spark an idea for you that leads to a fix for all of us.
Do you happen to have/be using SLAs?
If you use interface-based VPNs then we use the following script to monitor the VPNs on our Fortigate:
SELECT I.Caption AS [VPN_Interface],
    I.StatusDescription AS [Interface_Status],
    I.AdminStatus AS [Admin_Status],
    I.DetailsUrl AS [_LinkFor_VPN_Interface],
    '/Orion/NetMan.Firewalls/images/StatusIcons/SitetoSiteTunnel_' + I.StatusDescription + '.png' AS [_IconFor_VPN_Interface],
    '/Orion/images/StatusIcons/Small-' + I.OperStatusLED AS [_ICONFor_Oper_Status],
    '/Orion/images/StatusIcons/Small-' + I.AdminStatusLED AS [_ICONFor_Admin_Status],
    '/Orion/images/StatusIcons/Small-' + I.StatusLED AS [_ICONFor_Interface_Status],
    Round((I.Inbps / 1000000), 3) AS [Inbound Mbps],
    Round((I.Outbps / 1000000), 3) AS [Outbound Mbps],
    Round((I.MaxInBpsToday / 1000000), 3) AS [Peak Inbound Mbps Today],
    I.MaxInBpsTime AS [Time Peak Inbound Mbps],
    Round((I.MaxOutBpsToday / 1000000), 3) AS [Peak Outbound Mbps Today],
    I.MaxOutBpsTime AS [Time Peak Outbound Mbps],
    tolocal(ADDSECOND(-I.PollInterval, I.NextPoll)) AS [Last Polled],
    tolocal(I.NextPoll) AS [Next Poll]
FROM Orion.NPM.Interfaces I
INNER JOIN Orion.Nodes AS N ON I.NodeID = N.NodeID
WHERE N.Caption = '<caption of firewall node>'
    AND I.InterfaceTypeName = 'tunnel'
    AND I.Caption NOT LIKE 'SSL%'
Presumably you are...
a. using this code in a custom SWQL alert, and
b. under List Resources for each Fortinet you have ticked the "VPN interfaces"
Because if not I'm confused as to where the code is used and what it is doing - not hard for me but be good to see your detail around this?
Yes, sorry, it is in a custom query widget on a page and the VPN interfaces are ticked under List Resources.
OK thanks. You may wish to know that SolarWinds doesn't always show the genuine state of that interface. I've discovered this the hard way and it is why I'm trying to find a way through the mud. I've seen instances where I know the VPN is down or disabled and it still shows as up in List Resources. I've verified this by going on to the Forti and from either the GUI or CLI can see it is down. It turns out that what NPM is seeing is like a local loopback interface.