Check Fortigate VPN sessions
2011-08-02
- Nagios 1.x
- Nagios 2.x
- Nagios 3.x
GPL
116230
File | Description |
---|---|
check_fortigate_vpn | Fortigate VPN connections pre v4MR2 |
check_fortigate_vpn.pl | Fortigate VPN connections v4MR2 and later |
These scripts were originally written to monitor several VPN tunnels on a Fortigate 200A. They also work for other Fortigates. They have been tested on GroundWork Nagios v2 and Opsview v3.13.0, and should also work with other versions.
The check reports the number of SSL VPN sessions and the number of active IPSEC sessions. If an IPSEC session is down, that session is also printed and the state changes to WARNING. If 2 or more IPSEC sessions are down, the state changes to CRITICAL.
The latest update provides two scripts:
check_fortigate_vpn for FortiOS v4MR1 and older.
check_fortigate_vpn.pl for FortiOS v4MR2 and newer.
(Unfortunately, Fortinet has changed the OIDs for the Fortigate units.)
The syntax is:
check_fortigate_vpn -H host -C community -M modus -T vpn-type -f
Example:
./check_fortigate_vpn -H 172.16.6.100 -C public -M 0
Fortigate 200B: OK, Active SSL-VPN Connections/Tunnels: 1/1, IPSEC Tunnels: Configured/Active: 7/2
Reviews (3)
by kamesh, October 30, 2022
It'd be great to just check select VPN tunnel status, like how we can with https://exchange.nagios.org/directory/Plugins/Hardware/Network-Gear/Others/SonicWALL-VPN-check/details
Or is it possible with this plugin itself?
Thanks.
by Nico D., November 15, 2017
@sebastiaopburnay:
You can change the type in line 172:
-version => 2,
Change it to
-version => 1,
But my recommendation for the developer is to improve the customizability of the script. Many parameters could be fetched by user input. Would make things easier, f. e. the SNMP version. But also, f. e., what if you want to check one specific IPSEC tunnel?
One example: You have a Fortigate with one tunnel to Headquarter, and IT department of Headquarter wants to check the status of exactly this specific tunnel. But there're other tunnels to other branches, which are unnecessary for IT department at HQ.
This is one thing you have to modify yourself if you need this feature. Other than that, it's helpful in general. Thanks.
by sebastiaopburnay, November 30, 2016
Hi!
I am trying your script to check a FortiGate-100D.
But I always get «SNMP service is not available on at ./check_fortigate_vpn.pl line 187» and exit code of 255.
I think it is related to the SNMP version; this particular Fortigate only has v1 enabled, and not v2c or v3.
I've noticed you use a series of Perl functions, but I don't understand how I can hardcode SNMP v1 on those:
- get_snmp_session($ip, $community);
- get_snmp_value($session, $oid_unitdesc);
- get_snmp_table($session, $oid_ipsectuntableroot . $oidf_tunndx);
- close_snmp_session($session);
- get_snmp_request($session, $oid)
Can you please tell me how I can force the SNMP version?
Thank you