Hi Ahmed,

Thanks so much, that's really very helpful of you.

Once I can arrange a test window, I'll try monitoring fgHaStatsSyncStatus.2 and then force a failover.

Thanks again!

Darren


On Tue, 25 May 2021 at 15:17, Ahmed Rahal via observium <observium@observium.org> wrote:
Hi Darren,

For Fortgate clusters, we added following custom OIDs :

Fortinet HA Sync Status 1
.1.3.6.1.4.1.12356.101.13.2.1.1.12.1 (fgHaStatsSyncStatus.1)

Fortinet HA Sync Status 2
.1.3.6.1.4.1.12356.101.13.2.1.1.12.2 (fgHaStatsSyncStatus.2)

These indicate whether the device (fgHaStatsSyncStatus.1) and the other device (fgHaStatsSyncStatus.2) are in sync , but also does not indicate failover.
We monitor if fgHaStatsSyncStatus.2 is != 1 in clusters, this means the other member is out of sync.

We ended up monitoring the dedicated replication ports for up/down status. Not great, but works for our case.
If a device hangs with the port up, well ... hopefully the crash blows snmp away as well so you get to know.

Hope this can help you further ;0




Le mar. 25 mai 2021, à 09 h 02, Storer, Darren via observium <observium@observium.org> a écrit :
Hi Adam,

Yes, you were quite right, the HA status just shows that the FortiGate FW nodes are configured in HA but do not reflect whether failover has taken place... :-(

Thanks

Darren

On Tue, 25 Aug 2020 at 02:30, Storer, Darren <darren.storer@gmail.com> wrote:
Hi Adam,

The HA status is being checked now and I’ve requested a slot for a failover test - I’ll let you know how it goes.

Regards

Darren
PS. I don’t think I really addressed Claus’ question, as we don’t run traffic on the passive node prior to failover; a number of sites do this to load balance. 

On Tue, 25 Aug 2020 at 01:45, Adam Armstrong via observium <observium@observium.org> wrote:
This seems to just be showing the mode. Will it allow you to alert of the state is not correct?



Sent from BlueMail


On 25 Aug 2020, at 01:26, "Storer, Darren" <darren.storer@gmail.com> wrote:






Hi Adam,












After all this time, guess what I have just discovered under "Status"?









image.png















...FG HA status was there all along (blush).












Thanks again












Darren














On Sat, 22 Aug 2020 at 01:43, adama--- via observium <

observium@observium.org> wrote:












We might not be collecting the right indicators, or we might need some custom method of coalescing multiple indicators to make an up/down decision on. We do this for some other devices like netscaler.



 



I’m not familiar with what fortigate reports though 😊



 



Adam.



 





From: Storer, Darren <darren.storer@gmail.com>
Sent: 21 August 2020 21:16
To: Observium <observium@observium.org>
Cc: Adam Armstrong <adama@observium.org>; Scooby Doo <scooby2@mail.com>
Subject: Re: [Observium] Fortigate firewalls in Active/Passive with VDOMs





 







Hallo Claus,







 







Some of our larger FG firewalls are in HA and these devices are polled by Observium as a single unit. 







 







Now you mention it, I haven't found a way to alert when an FG in HA fails over; something that works well with Cisco ASA devices:
"status_descr match *primary*"







 







Hope this helps.







 







MfG







 







Darren







 







On Thu, 20 Aug 2020 at 20:52, Adam Armstrong via observium <observium@observium.org> wrote:











This is a question you’d direct at people with fortigate knowledge J



 



It’s likely you poll them individually, but I have no idea, I’ve not seen a Fortinet device for a decade.



 



Adam.



 







From: observium <observium-bounces@observium.org> On Behalf Of Scooby Doo via observium
Sent: 19 August 2020 14:36
To: observium@observium.org
Cc: Scooby Doo <scooby2@mail.com>
Subject: [Observium] Fortigate firewalls in Active/Passive with VDOMs







 







How to use Observium to properly poll 2 Fortigate firewalls in Active/Passive when using VDOMs? Should Fortigates be polled individualy devices?







 







Vielen Dank,







Claus











_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium









_______________________________________________


observium mailing list




observium@observium.org




http://postman.memetic.org/cgi-bin/mailman/listinfo/observium






_______________________________________________

observium mailing list

observium@observium.org

http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium


--
Ahmed Rahal
Administrateur de Systèmes / Systems Administrator
Fibrenoire - www.fibrenoire.ca
A: 550
, avenue 
Beaumont, 
bureau
 320, 
Montréal (Québec)
 H3N 1V1
arahal@fibrenoire.ca
Twitter: @fibrenoire
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium