Monitoring for HA sync between the Primary and Secondary = FortiGate Firewall

ASMoonshine

Hello everyone! I cannot find any information about the HA FortiGate Firewall. Would it be possible to establish the monitoring for HA between the Primary and Secondary of FortiGate Firewall and how to create an alert for any failure? Thank you!

stuartd

The first trick is to ensure your HA pair of Fortinets are set up with their own management address - that way you can monitor the state of each firewall independently.

You will also need to create a UnDP using the OID: 1.3.6.1.4.1.12356.101.3.2.1.1.4 (fgVdEntHaState), and its possible results are:

• 1 is Primary
• 2 is Secondary
• 3 is a standalone FW

You then need to assign the UnDP to the firewalls you want to monitor.

The alert is trickier but doable - essentially you are telling the alert to query if the last state of the the OID has changed. The alert logic looks like this:

With the editable part of the code looking like this:

SELECT CustomPollerAssignmentOnNode.Uri, CustomPollerAssignmentOnNode.DisplayName 

FROM Orion.NPM.CustomPollerAssignmentOnNode AS CustomPollerAssignmentOnNode

INNER JOIN
(
SELECT
CustomPollerAssignmentID
, Count(DISTINCT RawStatus) AS Statuses
FROM Orion.NPM.CustomPollerStatistics
where
Datetime>Addminute(-30,GETUTCDATE())
GROUP BY CustomPollerAssignmentID
) AS History
ON CustomPollerAssignmentOnNode.CustomPollerAssignmentID=History.CustomPollerAssignmentID

WHERE
CustomPollerAssignmentOnNode.CustomPollername='Fortigate_HA_State_Change'
AND History.Statuses>1

The line: Datetime>Addminute(-30,GETUTCDATE())   - is saying to look at the last 30 minutes, so if you want a shorter period to compare against just adjust, but the reality is, if it has changed then it has changed. The timescale isn't going to make much difference.

Secondly, this line:

WHERE CustomPollerAssignmentOnNode.CustomPollername='Fortigate_HA_State_Change'
... the Fortigate_HA_State_Change has to match whatever you named your UnDP.