Fortinet FortiGate Monitoring

Last updated on 30 September, 2024

Overview

LogicMonitor offers out-of-the-box monitoring for the Fortinet FortiGate firewall platform. Our monitoring suite uses SNMP to query the FortiGate appliance for a wide variety of health and performance metrics. ​

Setup Requirements

Add Resource Into Monitoring

Add your FortiGate host into monitoring. For more information on adding resources into monitoring, see Adding Devices.

Enable SNMP

SNMP must be configured on the FortiGate host in order for the DataSources to apply.

SNMP Credentials

LogicMonitor must provide the appropriate credentials in order to successfully access the FortiGate device via SNMP. For instructions on how to set the appropriate credentials as properties on the resource within LogicMonitor, see Defining Authentication Credentials.

Import LogicModules

From the LogicMonitor repository, import all Fortinet FortiGate LogicModules, which are listed in the LogicModules in Package section of this support article. If these LogicModules are already present, ensure you have the most recent versions.

Once the LogicModules are imported (assuming all previous setup requirements have been met), the suite of FortiGate DataSources will automatically begin collecting data. ​

Migration from Legacy DataSources

In April of 2020, LogicMonitor released a new suite of Fortinet FortiGate DataSources. The new DataSources offer several advantages, including vastly expanded monitoring coverage and improved efficiency for future scalability and support.

Therefore, the release of these new DataSources serves to deprecate the following legacy FortiGate DataSources:

  • Fortigate Disk-
  • FortiGate HA-
  • Fortigate Modules-
  • Fortigate Sensors-
  • Fortigate System
  • Fortigate UTM-
  • Fortigate WebFilter-
  • Fortinet HA Peers-
  • FortiNet FortiGate Interfaces

If you are currently monitoring FortiGate using any of these legacy DataSources, you will not experience any data loss upon importing the new DataSources. This is because DataSource names have been changed to eliminate module overwriting.

However, you will collect duplicate data and receive duplicate alerts for as long as both sets of DataSources are active. For this reason, we recommend that you disable the above-listed DataSources after importing the new set of DataSources and confirming that they are working as intended in your environment.

When a DataSource is disabled, it stops querying the host and generating alerts, but maintains all historical data. At some point in time, you may want to delete the legacy DataSources altogether, but consider this move carefully as all historical data will be lost upon deletion. For more information on disabling DataSources, see Disabling Monitoring for a DataSource or Instance.

LogicModules in Package

LogicMonitor’s package for Fortinet FortiGate consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform.

Display Name Type Description
Fortinet_FortiGate_Info PropertySource Retrieves firmware version of the FortiGate device.
addERI_Fortinet_FortiGate PropertySource Sets device External Resource IDs (ERIs) for layer 2, layer 3, and HA topology mapping, including LLDP local system name using LLDP-MIB, MAC addresses using RFC1213-MIB, and an SD-WAN and HA id using the FORTINET-FORTIGATE-MIB.
FortiGate: Wireless Controller WTP DataSource Monitors integrated FortiWLC wireless transaction protocol (WTP) cpu, memory, throughput and connection state metrics.
FortiGate: Wireless Controller WLAN DataSource Monitors integrated FortiWLC WLAN configuration and station count.
FortiGate: Wireless Controller Stations DataSource Monitors integrated FortiWLC station metrics grouped by associated WLAN.
FortiGate: Wireless Controller Global Statistics DataSource Monitors integrated FortiWLC global stats.
FortiGate: Web Filter DataSource Monitors FortiGate web filter HTTP/HTTPS blocking, URL blocking, etc.
FortiGate: Web Cache DataSource Monitors FortiGate web cache performance metrics.
FortiGate: Virtual Domains DataSource Virtual domains (VDOMs) are a method of dividing a FortiGate unit into two or more virtual units that function as multiple independent units. VDOMs can provide separate firewall policies and, in NAT/Route mode, completely separate configurations for routing and VPN services for each connected network or organization.
FortiGate: Sensors DataSource Monitors FortiGate sensors readings and alarm status.
FortiGate: SSL VPN Stats (by VDOM) DataSource Monitors SSL VPN stats organized by their respective virtual domains (VDOM).
FortiGate: SDWAN DataSource Monitors FortiGate SD-WAN (also called WAN link load balancing) performance.
FortiGate: Processor Modules DataSource Monitors FortiGate processor module usage stats.
FortiGate: Link Monitor DataSource Monitors the VDOM interface link health and performance.
FortiGate: Intrusion Prevention System DataSource Monitors the IPS system detections. The FortiOS Intrusion Prevention System (IPS) protects your network from outside attacks. Your FortiGate unit has two techniques to deal with these attacks: anomaly- and signature-based defense.
FortiGate: IPSec VPN Tunnels DataSource Monitors status and throughput metrics of individual IPSec VPN tunnels.
FortiGate: Interfaces DataSource Monitors SNMP interfaces for FortiGate devices.
FortiGate: High Availability Peers DataSource Monitors FortiGate HA peer performance metrics.
FortiGate: High Availability DataSource Monitors FortiGate high availability status.
FortiGate: Global Statistics DataSource Monitors FortiGate global performance metrics such as CPU, memory, disk and session.
FortiGate: FortiGuard DataSource Monitors FortiGuard HTTP/HTTPS metrics. The FortiGuard Intrusion Prevention Service provides the latest defenses against stealthy network-level threats. It uses a customizable database of more than 11000 known threats to enable FortiGate and FortiWiFi appliances to stop attacks that evade conventional firewall defenses.
FortiGate: Firewall Policies DataSource Monitors firewall policy packet transmission and data throughput.
FortiGate: Dialup VPN Peers DataSource Monitors Dial-up VPN peers information.
FortiGate: Antivirus DataSource Monitors Antivirus detection and blocked activity.
FortiGate: Active IPSec VPN Tunnels DataSource Monitors active IPSec VPN tunnels, organized by VDOM.
Fortinet_FortiGate_HA TopologySource Maps Fortinet FortiGate standalone, active-active, and active-passive HA
Fortinet_FortiGate_SDWAN TopologySource Maps Fortinet FortiGate SD WAN

When setting static datapoint thresholds on the various metrics tracked by this package’s DataSources, LogicMonitor follows the technology owner’s best practice KPI recommendations. If necessary, we encourage you to adjust these predefined thresholds to meet the unique needs of your environment. For more information on tuning datapoint thresholds, see Tuning Static Thresholds for Datapoints.

In This Article