MRTG/Routers2: Template FortiGate

A few weeks ago I constructed an MRTG/Routers2 template for the Fortinet FortiGate firewalls. I am using it for monitoring the FortiGate from my MRTG/Routers2 server. With the basic MRTG tool “cfgmaker” all graphs for the interfaces are generated automatically. My template is an add-on that appends graphs for CPU, memory, and disk usage, as well as connections and VPN statistics. Furthermore, it implements the ping statistics graph and a “short summary”, which only shows the system relevant graphs.

Similar to all my other MRTG/Routers2 templates I constructed the configuration lines after investigating the MIBs from Fortinet via the MIB Browser. The MIBs can be downloaded directly from the FortiGate GUI under System -> Config -> SNMP. Great.

Note that this template is built upon a single vdom environment. I was running a FortiWiFi 90D with FortiOS v5.2.4, build688. Depending on the number of vdoms or processors, some of the OIDs in the template must be adjusted, e.g. the CPU usage or the VPN statistics.

cfgmaker Configuration

The first step is the generation of the basic *.cfg file for MRTG/Routers2. It adds all currently known interfaces from the FortiGate with their names. (Even the “zone” interfaces as well as the VPN IPsec tunnel interfaces, which is great!) Note that I am using a few more options such as the “show-op-down” or other global options. Please use Google if you don’t know their meaning. 😉

You can delete all global options (expect the ones just created with the cfgmaker command) within the cfg file because they are not needed if running Routers2.

Template

The following template adds the OIDs/graphs for the usage of the CPU, memory, and disk. It also shows the connections (All and IPv6) as well as the VPN stats. (Note that the MIB allows for even more stats such as byte counts for each policy or counts for AV/IPS/whatever features. However, I have not implemented them here.) I am using the same coloring style as in all my other MRTG/Routers2 templates.

You can download my *.cfg template and follow the first comments inside the file which give hints about what to change (search and replace) in order to make the configuration usable for your environment:

 

Sample Graphs

After all, these graphs are generated:

Especially, I am loving the connections graphs, which show the count for all (=IPv4 and IPv6) and IPv6-only connections. Great for a comparison of both protocols.

One thought on “MRTG/Routers2: Template FortiGate

Leave a Reply

Your email address will not be published. Required fields are marked *