Fortinet

Check Fortigate VPN sessions

Description:

This script is used to check IPSEC and VPN tunnels on Fortigate units.

Current Version

Last Release Date

2011-08-02

Compatible With

  • Nagios 1.x
  • Nagios 2.x
  • Nagios 3.x

Owner

License

GPL


Project Files
Project Notes
These scripts were originally written to monitor several VPN tunnels on a Fortigate 200A. They also work for other Fortigates. They are tested on GroundWork Nagios v2 and Opsview v3.13.0, and should also work with other versions.

The check reports the number of SSL VPN sessions and the number of active IPSEC sessions. If an IPSEC session is down, that session is also printed and the state changes to WARNING. If 2 or more IPSEC sessions are down, the state changes to CRITICAL.

The last update provides two scripts: check_fortigate_vpn for FortiOS v4MR1 and older, and check_fortigate_vpn.pl for FortiOS v4MR2 and newer. (Unfortunately, Fortinet has changed the OIDs for the Fortigate units.)

The syntax is:

    check_fortigate_vpn -H host -C community -M modus -T vpn-type -f

Example:

    ./check_fortigate_vpn -H 172.16.6.100 -C public -M 0
    Fortigate 200B: OK, Active SSL-VPN Connections/Tunnels: 1/1, IPSEC Tunnels: Configured/Active: 7/2
Reviews (3)
check selective VPN tunnels?
by kamesh, October 31, 2022

It'd be great to just check select VPN tunnel status, like how we can with https://exchange.nagios.org/directory/Plugins/Hardware/Network-Gear/Others/SonicWALL-VPN-check/details. Or is it possible with this plugin itself? Thanks.



Well done, but improvements recommended
by Nico D., November 30, 2017

@sebastiaopburnay: You can change the type in line 172:

    -version => 2,

Change it to

    -version => 1,

But my recommendation for the developer is to improve the customizability of the script. Many parameters could be fetched by user input. Would make things easier, f. e. the SNMP version. But also, f. e., what if you want to check one specific IPSEC tunnel? One example: You have a Fortigate with one tunnel to Headquarter, and IT department of Headquarter wants to check the status of exactly this specific tunnel. But there're other tunnels to other branches, which are unnecessary for IT department at HQ. This is one thing you have to modify yourself if you need this feature. Other than that, it's helpful in general. Thanks.



SNMP version not considered
by sebastiaopburnay, November 30, 2016

Hi! I am trying your script to check a FortiGate-100D. But I always get «SNMP service is not available on at ./check_fortigate_vpn.pl line 187» and an exit code of 255. I think it is related to the SNMP version; this particular Fortigate only has v1 enabled and not v2c nor v3. I've noticed you use a series of Perl functions, but I don't understand how I can hardcode SNMP v1 on those:

  • get_snmp_session($ip, $community);
  • get_snmp_value($session, $oid_unitdesc);
  • get_snmp_table($session, $oid_ipsectuntableroot . $oidf_tunndx);
  • close_snmp_session($session);
  • get_snmp_request($session, $oid)

Can you please tell me how I can force the SNMP version? Thank you




Project Stats
Rating
3.5 (4)
Favorites
0
Views
116,331