Fortinet / Fortigate monitoring

Introduction

This is a Zenpack for Fortinet FortiGate firewalls. The existing Zenpack by Fabio Paracchini seems to be abandoned and use obsolete MIB's. This Zenpack is developed using zenpacklib.

Supported devices

I only had FortiGate models 100D and 3000D with OS version 5.x to test my zenpack. Feel free to try it with other models, and report if it works or break. I'm happy to assist you to get it working with other models.

models

100D and 3000D (OS version 5.x) : confirmed by @cbueche.
Fortigate 800C : confirmed by @mattbze.

Features

serial number and firmware version in overview page
interface traffic
CPU load
memory load
disk usage
session count
IPS statistics
Sensors (voltage, temperature, fans, PSU)
Vdoms
Per Vdom :
- interface traffic
- CPU load
- memory load
- disk usage
- session count and rate

Release notes

23.12.2016 : 1.0.0 : initial version

Installation

Pre-requisites : Python packages

The installation of the required PyYAML should happen automatically. If not, use this :

easy_install PyYAML

Device class

create device class /Network/Firewall/Fortigate

Zenpack

install the Zenpack:

zenpack --install ZenPacks.community.Fortinet
zopectl restart; zenhub restart

a full zenoss restart is probably better.

set the Python class of the existing device

This is a one-time operation that is needed for devices that were present before the Zenpack installation (the devices added after installation get the correct Python class automatically). The symptom to decide if you need this: WARNING zen.ApplyDataMap: no relationship:XXX found on:YYY in zenhub.log.

Warning: this loops must be repeated until no device get moved anymore. Not sure why, maybe some glitch of Zenoss 4.x.

zendmd

for d in dmd.Devices.Network.Firewall.Fortigate.getSubDevicesGen():
    devname = d.getId()
    print('checking %s' % devname)
    if d.__class__.__name__ != 'FortigateDevice':
        dmd.Devices.Network.Firewall.Fortigate.moveDevices('/Network/Firewall/Fortigate', devname)
        commit()
        print('class of %s set to FortigateDevice' % devname)

Post-installation

MIB load

If you want to automatically map the device models and the SNMP traps, you need to load two MIB's:

cd MIB
cp FORTINET-*.mib $ZENHOME/share/mibs/site
cd $ZENHOME/share/mibs/site
zenmib run -v 10
zentrap restart

The go to Zenoss / advanced / MIBs. See if MIBs are available.

modeler plugins for /Network/Firewall/Fortinet

The plugins are automatically assigned during the Zenpack installation:

zenoss.snmp.NewDeviceMap
zenoss.snmp.DeviceMap
zenoss.snmp.InterfaceMap
zenoss.snmp.InterfaceAliasMap
zenoss.snmp.RouteMap
community.snmp.FortigateGlobal
community.snmp.FortigateSensor
community.snmp.FortigateVdom
community.snmp.FortigateIPS

Development notes

Using Vagrant in Virtualbox, use vagrant up to create and start a Zenoss to further develop this Zenpack. In the VM, /tmp/work is mapped to the Zenpack source, you can use these commands to install it:

zenpack --link --install ZenPacks.community.Fortinet
zopectl restart; zenhub restart

Known issues

In HA-mode, the zenoss.snmp.RouteMap modeler plugin produces these warnings in zenhub.log:

WARNING zen.IpInterface: Adding IP Address 10.1.2.3 to Index_47 found it on device 10.4.5.6

The reason for the warning is probably that both firewall instances see the same values and fight over who owns them. To avoid the issue, remove the zenoss.snmp.RouteMap modeler plugin from /Network/Firewall/Fortigate. The consequence is the loss of the Network Routes from the Components view.

To-do

automate the device class creation for /Network/Firewall/Fortigate
automate the installation of the MIBs
event clear from monitoring/performance template
disk usage alertings
add a screenshot with real-life data

cbueche/ZenPacks.community.Fortinet