FortiGate 5.6.X OpenNMS asset population

how-to
provisioning
fortinet
snmp-asset


A nice feature of OpenNMS is that it can display specific asset information for SNMP-enabled devices.

For FortiGate firewalls, the SNMP implementation is pretty rich and can enrich the OpenNMS inventory/asset device page with more information.

To enable this in OpenNMS, the first step is to download and enable the “snmp-asset” functionality.

A useful guide can be found at the link below:
https://wiki.opennms.org/wiki/SNMP_Asset_Provisioning_Adapter

Once the functionality is enabled, you can extend the “snmp-asset-adapter-configuration.xml” file with the content below:

<package name="Fortinet FortiGate">
<sysoidMask>.1.3.6.1.4.1.12356.101.1</sysoidMask>
<assetField name="comment" formatString="HA Deployment Status(1=Standalone,2=Active-Active,3=Active-Standby):
        &#xa;Status:${fgHaSystemMode}&#xa;
        &#xa;HA Cluster Serials:
        &#xa;Active:    ${fgHaStatsSerial1}
        &#xa;Standby:   ${fgHaStatsSerial2}
        &#xa;
        &#xa;VDOM Statistics
        &#xa;Configured:${fgVdNumber}, Active:${fgVdEnabled}, Maximum:${fgVdMaxVdoms}&#xa;
        &#xa;UTM Database Stats
        &#xa;Anti-Virus Database:               ${fgSysVersionAv}
        &#xa;IPS Database:                      ${fgSysVersionIps}
        &#xa;Extended Anti-Virus Database:      ${fgSysVersionAvExt}
        &#xa;Extended IPS Database:             ${fgSysVersionIpsExt}">
                <mibObjs>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.13.1.1.0" alias="fgHaSystemMode"/>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.13.2.1.1.2.1" alias="fgHaStatsSerial1"/>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.13.2.1.1.2.2" alias="fgHaStatsSerial2"/>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.3.1.1.0" alias="fgVdNumber"/>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.3.1.3.0" alias="fgVdEnabled"/>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.3.1.2.0" alias="fgVdMaxVdoms"/>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.4.2.1.0" alias="fgSysVersionAv"/>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.4.2.2.0" alias="fgSysVersionIps"/> 
                        <mibObj oid=".1.3.6.1.4.1.12356.101.4.2.3.0" alias="fgSysVersionAvExt"/>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.4.2.4.0" alias="fgSysVersionIpsExt"/>
                </mibObjs>
        </assetField>
        <assetField name="vendor" formatString="${entPhysicalMfgName}">
                <mibObjs>
                        <mibObj oid=".1.3.6.1.2.1.47.1.1.1.1.12.1" alias="entPhysicalMfgName"/>
                </mibObjs>
        </assetField>
        <assetField name="modelNumber" formatString="${entPhysicalName}">
                <mibObjs>
                        <mibObj oid=".1.3.6.1.2.1.47.1.1.1.1.7.1" alias="entPhysicalName"/>
                </mibObjs>
        </assetField>
        <assetField name="operatingSystem" formatString="${fgSysVersion}">
                <mibObjs>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.4.1.1.0" alias="fgSysVersion"/>
                </mibObjs>
        </assetField>
        <assetField name="ram" formatString="${fgSysMemCapacity} KB">
                <mibObjs>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.4.1.5.0" alias="fgSysMemCapacity"/>
                </mibObjs>
        </assetField>
        <assetField name="hdd1" formatString="${fgSysDiskCapacity} MB">
                <mibObjs>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.4.1.7.0" alias="fgSysDiskCapacity"/>
                </mibObjs>
        </assetField>
        <assetField name="serialNumber" formatString="${serialNumberFortiGate}">
                <mibObjs>
                        <mibObj oid=".1.3.6.1.4.1.12356.101.13.2.1.1.2.1" alias="serialNumberFortiGate"/>
                </mibObjs>
        </assetField>
</package>

Once OpenNMS triggers the discovery process, which happens every 24 hours, all FortiGate devices will be updated with the following information:

  • Device HA configuration
  • Device HA serials
  • VDOM details such as activated, enabled, and maximum number
  • FortiGuard AV and IPS database information for both standard and extended
  • Vendor name
  • Model number
  • FortiOS version
  • RAM memory
  • Disk capacity

Any additional “asset” field can be custom defined with the respective SNMP OID.
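
When adding custom fields, a quick lint of the package before reloading catches the usual slips: a ${placeholder} in formatString with no matching mibObj alias, an alias that is never used, or an OID that is not numeric. The script below is an added example, not part of the original post or of OpenNMS; its three checks and the name lint_package are assumptions of this example, and the sample package is constructed with deliberate mistakes.

```python
import re
import xml.etree.ElementTree as ET

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")      # ${alias} inside formatString
NUMERIC_OID = re.compile(r"^\.?\d+(\.\d+)+$")   # dotted numeric OID, leading dot optional

# Constructed sample: one correct field, and one with a misspelled alias
# and a symbolic (non-numeric) OID.
SAMPLE = """
<package name="Fortinet FortiGate">
  <sysoidMask>.1.3.6.1.4.1.12356.101.1</sysoidMask>
  <assetField name="operatingSystem" formatString="${fgSysVersion}">
    <mibObjs>
      <mibObj oid=".1.3.6.1.4.1.12356.101.4.1.1.0" alias="fgSysVersion"/>
    </mibObjs>
  </assetField>
  <assetField name="ram" formatString="${fgSysMemCapacity} KB">
    <mibObjs>
      <mibObj oid="fgSysMemCapacity.0" alias="fgSysMemCapacty"/>
    </mibObjs>
  </assetField>
</package>
"""

def elements(root, tag):
    """Find elements by local name, whether or not the file declares a namespace."""
    return [e for e in root.iter() if e.tag.split("}")[-1] == tag]

def lint_package(xml_text):
    """Return a list of problems found in the assetField definitions."""
    problems = []
    for field in elements(ET.fromstring(xml_text), "assetField"):
        name = field.get("name")
        used = set(PLACEHOLDER.findall(field.get("formatString", "")))
        defined = set()
        for obj in elements(field, "mibObj"):
            defined.add(obj.get("alias"))
            if not NUMERIC_OID.match(obj.get("oid", "")):
                problems.append(f"{name}: OID '{obj.get('oid')}' is not numeric")
        for alias in sorted(used - defined):
            problems.append(f"{name}: ${{{alias}}} has no mibObj alias")
        for alias in sorted(defined - used):
            problems.append(f"{name}: alias '{alias}' is never used")
    return problems

if __name__ == "__main__":
    for line in lint_package(SAMPLE):
        print(line)
```
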