Monday, October 6, 2008

Monitoring Fortinet Firewalls with Cacti

Cacti (http://www.cacti.net) is a popular SNMP graphing tool that can monitor pretty much any device which supports SNMP. Here is a quick guide on how to configure Cacti to monitor Fortigate interfaces, total active sessions, and system resource utilization. I will leave installing Cacti up to you :)


Start in the Console by clicking Data Templates in the Templates section. Click Add in the top right corner and enter the values from the following screenshot. Then click Save.


Afterwards create two more Data Templates based on the next two screenshots.



The Data Templates tell Cacti which values (OIDs) to monitor.

Next, go to Graph Templates in the Templates section. As before click Add in the top right corner and define the following two Graph Templates: Fortigate – System Resources and Fortigate – Total Sessions. The System Resources graph will monitor CPU and memory utilization in one combined graph.


Next create a Host Template as per the screenshot below.

Now you are ready to start monitoring firewalls. Under Management go to Devices and click Add. Define a new device. Sample values are in the screenshot.

That’s it. Graphs will start to update after Cacti’s next polling cycle.

5 comments:

Anonymous said...

Hello !

Are you sure that the object id for the CPU/memory and sessions are the good one concerning the Fortinet SNMP ?

I've find different values on other forums, but neither these ones or yours are filling up my graphs.

Tell me please. But anyway, thanks for the article !

Sebastian said...

That OID comes straight out of our production Cacti box. If you are having problems it may not be the values but a problem with your Cacti installation. Are you able to successfully monitor other systems with your current Cacti installation?

Anonymous said...

Thanks for the reply. actually, I can monitor some stuff like the Interface Statistics, but none from the Fortinet MIBS.

I think I need to find the right OID on the Fortinet documentation.

Thanks again !

Joseph Finley said...

I set this up accordingly, however, I receive a:

Warning: Division by zero in /usr/share/cacti/site/lib/api_poller.php on line 119


Not much out there as the the fix? I get a graph, just no data.

Sebastian said...

Hmmm, that's strange. Sounds like a Cacti issue though. Are you running the latest version (0.8.7d as of this writing)?