cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Help creating Fortinet/Fortigate Failover alert

Jump to solution

Hello Guys,

I need some assistance on creating a Failover alert for our Fortinet/Fortigate firewall. I havent found an OID that we can use to get the right status so we currently rely on Orion's event "When Node Name has Changed" but this does not work (Had multiple instances but never triggered)

I've been researching online and even inquired at Fortinet but still looking. I've filed a case in SW support to tshoot why the Node Name changed event didn't work.

pastedImage_0.png

What do you guys use and how?

Thanks!!

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Level 15

Re: Help creating Fortinet/Fortigate Failover alert

Jump to solution

Node Name has changed relies on the 'Node.Caption' entity; which isn't the same as the SysName value which I think you're looking for.

Basically, the node 'Caption' is created when you add a node based on the following:

  • SysName from WMI/SNMP/Agent
  • If no SysName, then DNS resolution from IP
  • If no DNS, then IP Address

After adding the node, you can change the Caption to anything at all, but all you're changing is the visual representation of the node name in the Orion platform. And it does not auto-update if you change details in the actual device.

Failover events are almost always gathered easiest by capturing an SNMP Trap or a Syslog event. That's where I would look first.

View solution in original post

6 Replies
Highlighted

Re: Help creating Fortinet/Fortigate Failover alert

Jump to solution

Anyone guys? Thanks!

0 Kudos
Highlighted
Level 15

Re: Help creating Fortinet/Fortigate Failover alert

Jump to solution

Node Name has changed relies on the 'Node.Caption' entity; which isn't the same as the SysName value which I think you're looking for.

Basically, the node 'Caption' is created when you add a node based on the following:

  • SysName from WMI/SNMP/Agent
  • If no SysName, then DNS resolution from IP
  • If no DNS, then IP Address

After adding the node, you can change the Caption to anything at all, but all you're changing is the visual representation of the node name in the Orion platform. And it does not auto-update if you change details in the actual device.

Failover events are almost always gathered easiest by capturing an SNMP Trap or a Syslog event. That's where I would look first.

View solution in original post

Highlighted

Re: Help creating Fortinet/Fortigate Failover alert

Jump to solution

Hello Zack,

Thank you for the response. Yeah, I forgot to mention that I also have an alert for when a System Name was changed but it also doesn't trigger. Orion tags the event when the Node Name changes but it also never triggers. The device is a FW cluster so it shares 1 IP.

I'm working with support and they also mentioned Syslog so I'm looking for the log.

I'll update once I have the results.

Cheers!

Highlighted
Level 16

Re: Help creating Fortinet/Fortigate Failover alert

Jump to solution

Hi,

Did u get the details about the failover alerting?

0 Kudos
Highlighted

Re: Help creating Fortinet/Fortigate Failover alert

Jump to solution

Hello pratikmehta003,

I ended up using the Node event "System Name has changed" object instead of the Node Name.

I also created another alert having this condition and I observed that they trigger at the same time.

pastedImage_0.png

Let me know if this works for you. we're running on an older version - NPM 12.1

Thanks!

Highlighted
Level 16

Re: Help creating Fortinet/Fortigate Failover alert

Jump to solution

Thanks a lot for sharing this.. So both are giving you the outcome, correct?

0 Kudos