Friday, June 27, 2008

OIDs for Fortigate firewalls

Fortinet firewalls can be monitored using any SNMP capable device. You can look into CPU usage, memory usage, number of sessions, utilization on interfaces and so forth.


But it is not always easy to know how to do this. I needed to monitor CPU, memory and # of sessions on a firewall. Here are the OIDs to do so. Tested on FortiOS 3.0.

CPU load 1.3.6.1.4.1.12356.1.8.0
Memory usage 1.3.6.1.4.1.12356.1.9.0
Number of current sessions 1.3.6.1.4.1.12356.1.10.0

These values can be added directly to SNMP tools such as PRTG and MRTG.
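For a scripted check instead of PRTG or MRTG, the following added example (not from the original post) parses numeric `snmpget -On` output for the three OIDs above and flags values over a threshold. The thresholds, the treatment of CPU and memory as percentages, and the sample output are assumptions made for illustration.

```python
import re
import subprocess

# OIDs from the post (tested by the author on FortiOS 3.0)
OIDS = {
    "1.3.6.1.4.1.12356.1.8.0": "cpu",
    "1.3.6.1.4.1.12356.1.9.0": "memory",
    "1.3.6.1.4.1.12356.1.10.0": "sessions",
}
# Assumed alert thresholds; CPU and memory are treated as percentages.
THRESHOLDS = {"cpu": 90, "memory": 85, "sessions": 50000}
LINE = re.compile(r"^\.?(?P<oid>[\d.]+) = (?P<type>[\w-]+): (?P<value>\d+)\s*$")


def parse_snmpget(text):
    """Map metric name -> int from `snmpget -On` output; skip other lines."""
    metrics = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group("oid") in OIDS:
            metrics[OIDS[m.group("oid")]] = int(m.group("value"))
    return metrics


def evaluate(metrics):
    """Return alert strings for missing or over-threshold metrics."""
    alerts = []
    for name, limit in THRESHOLDS.items():
        if name not in metrics:
            alerts.append(f"{name}: no value returned")
        elif metrics[name] >= limit:
            alerts.append(f"{name}: {metrics[name]} >= {limit}")
    return alerts


def poll(host, community):
    """Live query via net-snmp's snmpget (SNMP v2c, numeric OID output)."""
    cmd = ["snmpget", "-v2c", "-c", community, "-On", host, *OIDS]
    return subprocess.run(cmd, capture_output=True, text=True, timeout=10).stdout


# Constructed sample output, not captured from a real device.
SAMPLE = """\
.1.3.6.1.4.1.12356.1.8.0 = INTEGER: 93
.1.3.6.1.4.1.12356.1.9.0 = INTEGER: 41
.1.3.6.1.4.1.12356.1.10.0 = No Such Object available on this agent at this OID
"""
print(evaluate(parse_snmpget(SAMPLE)))
```

To run it against a device, pass the output of `poll(host, community)` to `parse_snmpget` in place of `SAMPLE`.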


Sunday, January 28, 2007

Fortigate with high CPU time

I recently had an incident with a customer firewall where the CPU load averaged at about 93% as seen from the GUI. The network monitoring tools (that is Smokeping) also reported higher response time than normal even though network throughput seemed to be normal. There were no indications about any packet loss in the network during the period.

The solution used was to reboot the firewall. The Fortigate firewalls seem not to have an easy way to find out what processes use CPU time.

The customer runs two firewalls in a HA configuration. As such, there was almost no downtime during the reboot. I had 6 packets that did not get through during the reboot.


Friday, January 05, 2007

Fortigate FortiOS 3.0 MR4 is out

FortiOS 3.0 MR4 (build 474) is now out. These are the changes I've found when looking through the GUI.

Full details are found here.

  • Support for VoIP - SIP and SCCP.
  • The dashboard is now configurable. You can add content and remove content (web parts) as you wish.
  • You can add secondary IP addresses to an interface - each with its own ping server (to check for bad gateways.)
  • HA mode now allows you to configure interface priority for heartbeat. This feature went out in the original 3.0 release.
  • You now can back up your configuration using SCP.
  • You can now "Submit attack characteristics to FortiGuard Service Network to help improve IPS signature quality".
  • You now can add "remote" types of certificates. I'm not quite sure what I can use it for yet. But I believe it's used to verify the certificate for the other party in a secure setup.
  • You now can add client certificates as users. This could be done in the CLI on previous releases, but now it seems to support some kind of user authentication as well. I have not tried out this feature yet, but I'm looking forward to doing so.
  • The reboot/shutdown/reset switches are now placed on top of the dashboard, making it much easier to do these commonly used administrative tasks.


Thursday, November 02, 2006

New stuff in Fortigate 3.0 MR3

I've just installed FortiOS 3.0 build 400 on my firewall at home. The upgrade went without any problems.
 
There are some new features that I like. They are as follows:
  • Telnet (CLI) access from the WEB GUI. You can now access the CLI from the Status screen.
  • Support for multiple sources, destinations and rules. On previous releases I had to make several rules if I wanted more than one source in my ruleset.
  • Support for secondary IP addresses from the web GUI.
  • Support for RDP and VNC connections from SSL VPN
  • You can define interface to match for an address.
  • There is something called VIP Group. You can create virtual IP groups to facilitate firewall policy traffic control. For example, on the DMZ interface, if you have two email servers that use Virtual IP mapping, you can put these two VIPs into one VIP group and create one external-to-DMZ policy, instead of two policies, to control the traffic.
There are probably other changes but I have not found them yet :)


Tuesday, October 24, 2006

A day out with Fortinet

Today I've been to Stockholm and Vaxholm Fortress at a seminar with Fortinet. Fortinet is the number one in their segment of unified threat management. I took this as a day trip, and this was a long day trip. I just got home now (23:00) and left home at 05:00 this morning.
 
The day started out fine. We took RIB boats out to Vaxholm from Stockholm. It was a 33 feet RIB with 2x250Hk engines. The trip took one hour, with some unnecessary - but fun - driving. On our way back we took an old steam boat back to the city. At least they told us it was a steam boat. None of us believed so :)
 
In the sessions they talked about threats in the future and what Fortinet does to meet these threats. Phishing was given much focus.
They informed us about some new units on the seminar today. The units are described below.
Fortigate 50B - a unit with 3 or 4 switched ports and two other ports. No other details were given.
 
Fortigate 224B
A 24x10/100+2x10/100/1000+2xWAN port switch. This switch is supposed to do wirespeed IDS/IDP and can disconnect clients if they misbehave. This unit targets threats inside your LAN. Unfortunately the unit only checks for viruses as the other Fortigate units do. That is SMTP, POP3, IMAP, HTTP and FTP. NFS, filesharing and other similar traffic is not checked. This is Fortinet's first product for threat management on a LAN. I think much more exciting products will evolve from this.
 
FortiAnalyzer 100B
A new analyzer. Not much talk about this unit.
 
FortiMail 100
A new spam solution for the SMB market. This unit is priced at about US$1500 I think. It can handle up to 57000 emails/hour.
 
In the end this was an interesting day.
