This guide provides safe, simplified steps to enable SNMP on a FortiGate for monitoring with Auvik. It includes specific guidance for High Availability (HA) environments to help avoid accidental loss of access.
⚠️ Before You Begin
FortiGate HA deployments can use either standard data interfaces or a dedicated HA management interface.
Do not change the IP address of any management interface unless you are certain how HA is configured. This can result in immediate loss of access.
Step 1 — Identify Your Setup
Run the following command:
get system ha status
- If you see
HA Management Interface: enabled→ Go to Scenario B - If not → Use Scenario A
Scenario A — Standard Setup (Recommended)
Most environments do not use a dedicated HA management interface.
What to do
- Enable SNMP on the interface Auvik will use:
config system interface edit <interface-used-by-auvik> set allowaccess ping snmp https ssh next end
- Configure the SNMP community:
config system snmp community edit 1 set name <community-string> config hosts edit 1 set ip <auvik-collector-ip> 255.255.255.255 next end end
Result
- Auvik polls the firewall using the primary (cluster) IP
- No HA-specific configuration is required
Scenario B — HA Management Interface Enabled
This setup allows each HA unit to have its own management IP.
Use this only if:
- You need to monitor each HA unit individually
- The Auvik collector can reach those management IPs
If not, return to Scenario A.
Important Notes
- Do not change interface IPs in this process
- HA management IPs are configured separately from normal interfaces
What to do
- Enable SNMP access on the HA management interface:
config system interface edit <ha-mgmt-interface> set allowaccess ping snmp https ssh next end
config system snmp community edit 1 set name <community-string> config hosts edit 1 set ip <auvik-collector-ip> 255.255.255.255 next end end
Result
- Auvik can poll individual HA units
- Additional routing or access configuration may be required
Recommended Approach
For most deployments, use Scenario A (standard setup).
This approach:
- Minimizes risk
- Requires less configuration
- Avoids HA-specific complexity
Troubleshooting
SNMP not responding:
- Confirm SNMP is allowed on the correct interface
- Verify the collector IP is permitted
- Test connectivity with:
ping <fortigate-ip>
Lost access after changes:
- Try connecting via a different interface
- Use console access if needed to restore previous settings
Summary
| Setup Type | When to Use |
|---|---|
| Standard (no HA mgmt interface) | Recommended for most environments |
| HA management interface enabled | Only if per-unit monitoring is required |
If you’re unsure which setup applies, use the standard configuration or contact your network administrator before proceeding.
For more information: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34731