• State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 19 subscribers
  • Views 2617 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Help creating Fortinet/Fortigate Failover alert

dpad

Hello Guys,

I need some assistance on creating a Failover alert for our Fortinet/Fortigate firewall. I havent found an OID that we can use to get the right status so we currently rely on Orion's event "When Node Name has Changed" but this does not work (Had multiple instances but never triggered)

I've been researching online and even inquired at Fortinet but still looking. I've filed a case in SW support to tshoot why the Node Name changed event didn't work.

pastedImage_0.png

What do you guys use and how?

Thanks!!

  • 0

    Node Name has changed relies on the 'Node.Caption' entity; which isn't the same as the SysName value which I think you're looking for.

    Basically, the node 'Caption' is created when you add a node based on the following:

    • SysName from WMI/SNMP/Agent
    • If no SysName, then DNS resolution from IP
    • If no DNS, then IP Address

    After adding the node, you can change the Caption to anything at all, but all you're changing is the visual representation of the node name in the Orion platform. And it does not auto-update if you change details in the actual device.

    Failover events are almost always gathered easiest by capturing an SNMP Trap or a Syslog event. That's where I would look first.

  • 0 in reply to zackm

    Hello Zack,

    Thank you for the response. Yeah, I forgot to mention that I also have an alert for when a System Name was changed but it also doesn't trigger. Orion tags the event when the Node Name changes but it also never triggers. The device is a FW cluster so it shares 1 IP.

    I'm working with support and they also mentioned Syslog so I'm looking for the log.

    I'll update once I have the results.

    Cheers!

  • 0 in reply to dpad

    Hi,

    Did u get the details about the failover alerting?

  • 0 in reply to pratikmehta003

    Hello pratikmehta003,

    I ended up using the Node event "System Name has changed" object instead of the Node Name.

    I also created another alert having this condition and I observed that they trigger at the same time.

    pastedImage_0.png

    Let me know if this works for you. we're running on an older version - NPM 12.1

    Thanks!

  • 0 in reply to dpad

    Thanks a lot for sharing this.. So both are giving you the outcome, correct?

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.