Hi Ahmed,
Thanks so much, that's really very helpful of you.
Once I can arrange a test window, I'll try monitoring fgHaStatsSyncStatus.2 and then force a failover.
Thanks again!
Darren
On Tue, 25 May 2021 at 15:17, Ahmed Rahal via observium < observium@observium.org> wrote:
Hi Darren,
For Fortgate clusters, we added following custom OIDs :
Fortinet HA Sync Status 1 .1.3.6.1.4.1.12356.101.13.2.1.1.12.1 (fgHaStatsSyncStatus.1)
Fortinet HA Sync Status 2 .1.3.6.1.4.1.12356.101.13.2.1.1.12.2 (fgHaStatsSyncStatus.2)
These indicate whether the device (fgHaStatsSyncStatus.1) and the other device (fgHaStatsSyncStatus.2) are in sync , but also does not indicate failover. We monitor if fgHaStatsSyncStatus.2 is != 1 in clusters, this means the other member is out of sync.
We ended up monitoring the dedicated replication ports for up/down status. Not great, but works for our case. If a device hangs with the port up, well ... hopefully the crash blows snmp away as well so you get to know.
Hope this can help you further ;0
Le mar. 25 mai 2021, à 09 h 02, Storer, Darren via observium < observium@observium.org> a écrit :
Hi Adam,
Yes, you were quite right, the HA status just shows that the FortiGate FW nodes are configured in HA but do not reflect whether failover has taken place... :-(
Thanks
Darren
On Tue, 25 Aug 2020 at 02:30, Storer, Darren darren.storer@gmail.com wrote:
Hi Adam,
The HA status is being checked now and I’ve requested a slot for a failover test - I’ll let you know how it goes.
Regards
Darren PS. I don’t think I really addressed Claus’ question, as we don’t run traffic on the passive node prior to failover; a number of sites do this to load balance.
On Tue, 25 Aug 2020 at 01:45, Adam Armstrong via observium < observium@observium.org> wrote:
This seems to just be showing the mode. Will it allow you to alert of the state is not correct?
Sent from BlueMail http://www.bluemail.me/r?b=15997
On 25 Aug 2020, at 01:26, "Storer, Darren" darren.storer@gmail.com wrote:
Hi Adam,
After all this time, guess what I have just discovered under "Status"?
[image: image.png]
...FG HA status was there all along (blush).
Thanks again
Darren
On Sat, 22 Aug 2020 at 01:43, adama--- via observium <
observium@observium.org> wrote:
We might not be collecting the right indicators, or we might need some custom method of coalescing multiple indicators to make an up/down decision on. We do this for some other devices like netscaler.
I’m not familiar with what fortigate reports though 😊
Adam.
*From:* Storer, Darren darren.storer@gmail.com *Sent:* 21 August 2020 21:16 *To:* Observium observium@observium.org *Cc:* Adam Armstrong adama@observium.org; Scooby Doo < scooby2@mail.com> *Subject:* Re: [Observium] Fortigate firewalls in Active/Passive with VDOMs
Hallo Claus,
Some of our larger FG firewalls are in HA and these devices are polled by Observium as a single unit.
Now you mention it, I haven't found a way to alert when an FG in HA fails over; something that works well with Cisco ASA devices: "status_descr match *primary*"
Hope this helps.
MfG
Darren
On Thu, 20 Aug 2020 at 20:52, Adam Armstrong via observium < observium@observium.org> wrote:
This is a question you’d direct at people with fortigate knowledge J
It’s likely you poll them individually, but I have no idea, I’ve not seen a Fortinet device for a decade.
Adam.
*From:* observium observium-bounces@observium.org *On Behalf Of *Scooby Doo via observium *Sent:* 19 August 2020 14:36 *To:* observium@observium.org *Cc:* Scooby Doo scooby2@mail.com *Subject:* [Observium] Fortigate firewalls in Active/Passive with VDOMs
How to use Observium to properly poll 2 Fortigate firewalls in Active/Passive when using VDOMs? Should Fortigates be polled individualy devices?
Vielen Dank,
Claus
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ahmed Rahal Administrateur de Systèmes / Systems Administrator *Fibrenoire* - www.fibrenoire.ca A: 550 , avenue Beaumont, bureau 320, Montréal (Québec) H3N 1V1 arahal@fibrenoire.ca Twitter: @fibrenoire _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium