network Integration
fortigate-firewall (en)


ServicePilot network-fortigate-firewall


# Fortigate Firewall

Overview

This package is designed to monitor a Fortigate Firewall using SNMP.

Description

This package automatically configures the ServicePilot Manager to collect statistics from Fortigate Firewall based on an `SNMP collection. The statistics gathered in this way include:

  • Network: Ping Response Time and Interfaces activity
  • System: CPU, Memory, Sessions
  • VPN SSL statistics
  • HTTP, Voice and Messaging statistics
  • Antivirus and IPS/IDS statistics

Requirements

  • SNMP Service must be configured (Security: read-only SNMP community and allowed host must be set) and started on the targeted machine.

  • Network Flows - It is is necessary to ensure network connectivity between ServicePilot and the monitored device. In case of a network infrastructure using a firewall, all the ports below must be opened:

    • UDP/161 (SNMP): Between ServicePilot Manager and Fortigate Firewall
    • ICMP/Echo Request (Ping): Between ServicePilot Manager and Fortigate Firewall
    • UDP/162 (SNMP Trap): (Optional) Between Fortigate Firewall and ServicePilot Agent
  • ServicePilot Requirements

    • ServicePilot Manager minimum version: 8.5

Installation

Before adding a resource to monitor, make certain that all pre-requisites are in place and if a ServicePilot Agent is required, that it is communicating correctly with the ServicePilot Manager.

Add resource using Views Configuration web interface

  1. As an administrative user of ServicePilot, open the ServicePilot web interface.
  2. Navigate to Administration. The Configuration > Views web page will open.
  3. Click on the view in which to place the new resource in the Views hierarchy on the left of the interface. The View editor section will show the existing view contents.
  4. From the Packages list on the right of the interface, click and drag the network-fortigate-firewall package into the View editor and let go.
  5. The Package properties dialog box will open to allow resource configuration.
  6. Click OK to close the Package properties dialog box. Note that the dialog box will not close if required parameters are not set.
  7. Click Save to apply the new resource to ServicePilot configuration.

Key field notes

In the Monitoring Policies tab, specify the policy or policies to apply to the package

  1. Basic Parameters tab:

    1. IP address: Specify the IP address of the Fortigate Firewall, as resolvable by the machine on which ServicePilot Manager is running
  2. Interfaces tab:

    1. Auto-Discover Interfaces: Set it on to get details about interfaces
    2. Use Interface filter instead of Addressing Information: Set it on to get interface statistics for the two fields found in the first Interface tab Set it off to get statistics for all available interfaces.
    3. {Optional} Ignored Interfaces names separated with '|': Specify name(s) of interface(s) NOT to be monitored
    4. {Optional} Allowed Interfaces names separated with '|': Specify name(s) of interface(s) to be monitored

      Note: Each element of the interface lists is a regular expression as defined by Like Operator (Visual Basic)

  3. Monitoring Options tab: Select the different monitoring options to enable.

    1. Enable monitoring for IPS application (by Virtual Domain)
    2. Enable monitoring for HTTP applications (by Virtual Domain)
    3. Enable monitoring for VPN-SSL application (by Virtual Domain)
    4. Enable monitoring for Anti Virus applications (by Virtual Domain)
    5. Enable monitoring for Messaging applications (by Virtual Domain)
    6. Enable monitoring for WAN Optimization application (by Virtual Domain)
    7. Enable monitoring for Voice applications (by Virtual Domain)

Notes

MIBs Used:

  • RFC1213-MIB2
  • FORTINET-FORTIGATE-MIB
network fortigate-firewall 0

network fortigate-firewall 1

network fortigate-firewall 2

network fortigate-firewall 3