Fortinet FortiGate Monitoring
Last updated on 30 September, 2024
Overview
LogicMonitor offers out-of-the-box monitoring for the Fortinet FortiGate firewall platform. Our monitoring suite uses SNMP to query the FortiGate appliance for a wide variety of health and performance metrics.
Setup Requirements
Add Resource Into Monitoring
Add your FortiGate host into monitoring. For more information on adding resources into monitoring, see Adding Devices.
Enable SNMP
SNMP must be configured on the FortiGate host in order for the DataSources to apply.
SNMP Credentials
LogicMonitor must provide the appropriate credentials in order to successfully access the FortiGate device via SNMP. For instructions on how to set the appropriate credentials as properties on the resource within LogicMonitor, see Defining Authentication Credentials.
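A pre-onboarding check of the SNMP credential properties set on a FortiGate resource, as an added example that is not part of LogicMonitor's documentation or code. It assumes the LogicMonitor property names `snmp.community`, `snmp.security`, `snmp.auth`, `snmp.authToken`, `snmp.priv` and `snmp.privToken`; the weak-value lists and the sample resources are this example's own.

```python
# Added example: audit a resource's snmp.* properties before onboarding.
# The weak-value sets are this example's policy, not LogicMonitor's.
WEAK_COMMUNITIES = {"public", "private"}
WEAK_AUTH = {"MD5"}
WEAK_PRIV = {"DES"}


def audit_snmp_properties(props):
    """Return a list of findings for one resource's snmp.* properties."""
    findings = []
    if props.get("snmp.security"):  # an SNMPv3 user name is set
        auth = props.get("snmp.auth", "").upper()
        priv = props.get("snmp.priv", "").upper()
        if not (auth and props.get("snmp.authToken")):
            findings.append("v3 without authentication (noAuthNoPriv)")
        elif auth in WEAK_AUTH:
            findings.append(f"weak auth protocol {auth}")
        if not (priv and props.get("snmp.privToken")):
            findings.append("v3 without privacy: responses are not encrypted")
        elif priv in WEAK_PRIV:
            findings.append(f"weak privacy protocol {priv}")
    else:  # community-based SNMP (v1/v2c)
        community = props.get("snmp.community", "")
        findings.append("community-based SNMP: community string is sent in cleartext")
        if not community:
            findings.append("snmp.community is not set")
        elif community.lower() in WEAK_COMMUNITIES:
            findings.append("snmp.community is a well-known default")
    return findings


# Constructed sample resources (host names and values are made up).
SAMPLES = {
    "fw-edge-01": {"snmp.community": "public"},
    "fw-edge-02": {"snmp.security": "lm-collector", "snmp.auth": "SHA",
                   "snmp.authToken": "example-auth-pass"},
    "fw-core-01": {"snmp.security": "lm-collector", "snmp.auth": "SHA",
                   "snmp.authToken": "example-auth-pass",
                   "snmp.priv": "AES", "snmp.privToken": "example-priv-pass"},
}

if __name__ == "__main__":
    for host, props in SAMPLES.items():
        issues = audit_snmp_properties(props)
        print(host, "OK" if not issues else issues)
```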
Import LogicModules
From the LogicMonitor repository, import all Fortinet FortiGate LogicModules, which are listed in the LogicModules in Package section of this support article. If these LogicModules are already present, ensure you have the most recent versions.
Once the LogicModules are imported (assuming all previous setup requirements have been met), the suite of FortiGate DataSources will automatically begin collecting data.
Migration from Legacy DataSources
In April of 2020, LogicMonitor released a new suite of Fortinet FortiGate DataSources. The new DataSources offer several advantages, including vastly expanded monitoring coverage and improved efficiency for future scalability and support.
The release of these new DataSources deprecates the following legacy FortiGate DataSources:
- Fortigate Disk-
- FortiGate HA-
- Fortigate Modules-
- Fortigate Sensors-
- Fortigate System
- Fortigate UTM-
- Fortigate WebFilter-
- Fortinet HA Peers-
- FortiNet FortiGate Interfaces
If you are currently monitoring FortiGate using any of these legacy DataSources, you will not experience any data loss upon importing the new DataSources. This is because DataSource names have been changed to eliminate module overwriting.
However, you will collect duplicate data and receive duplicate alerts for as long as both sets of DataSources are active. For this reason, we recommend that you disable the above-listed DataSources after importing the new set of DataSources and confirming that they are working as intended in your environment.
When a DataSource is disabled, it stops querying the host and generating alerts, but maintains all historical data. At some point in time, you may want to delete the legacy DataSources altogether, but consider this move carefully as all historical data will be lost upon deletion. For more information on disabling DataSources, see Disabling Monitoring for a DataSource or Instance.
LogicModules in Package
LogicMonitor’s package for Fortinet FortiGate consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform.
Display Name | Type | Description |
Fortinet_FortiGate_Info | PropertySource | Retrieves firmware version of the FortiGate device. |
addERI_Fortinet_FortiGate | PropertySource | Sets device External Resource IDs (ERIs) for layer 2, layer 3, and HA topology mapping, including LLDP local system name using LLDP-MIB, MAC addresses using RFC1213-MIB, and an SD-WAN and HA ID using the FORTINET-FORTIGATE-MIB. |
FortiGate: Wireless Controller WTP | DataSource | Monitors integrated FortiWLC wireless transaction protocol (WTP) CPU, memory, throughput and connection state metrics. |
FortiGate: Wireless Controller WLAN | DataSource | Monitors integrated FortiWLC WLAN configuration and station count. |
FortiGate: Wireless Controller Stations | DataSource | Monitors integrated FortiWLC station metrics grouped by associated WLAN. |
FortiGate: Wireless Controller Global Statistics | DataSource | Monitors integrated FortiWLC global stats. |
FortiGate: Web Filter | DataSource | Monitors FortiGate web filter HTTP/HTTPS blocking, URL blocking, etc. |
FortiGate: Web Cache | DataSource | Monitors FortiGate web cache performance metrics. |
FortiGate: Virtual Domains | DataSource | Virtual domains (VDOMs) are a method of dividing a FortiGate unit into two or more virtual units that function as multiple independent units. VDOMs can provide separate firewall policies and, in NAT/Route mode, completely separate configurations for routing and VPN services for each connected network or organization. |
FortiGate: Sensors | DataSource | Monitors FortiGate sensor readings and alarm status. |
FortiGate: SSL VPN Stats (by VDOM) | DataSource | Monitors SSL VPN stats organized by their respective virtual domains (VDOM). |
FortiGate: SDWAN | DataSource | Monitors FortiGate SD-WAN (also called WAN link load balancing) performance. |
FortiGate: Processor Modules | DataSource | Monitors FortiGate processor module usage stats. |
FortiGate: Link Monitor | DataSource | Monitors the VDOM interface link health and performance. |
FortiGate: Intrusion Prevention System | DataSource | Monitors the IPS system detections. The FortiOS Intrusion Prevention System (IPS) protects your network from outside attacks. Your FortiGate unit has two techniques to deal with these attacks: anomaly- and signature-based defense. |
FortiGate: IPSec VPN Tunnels | DataSource | Monitors status and throughput metrics of individual IPSec VPN tunnels. |
FortiGate: Interfaces | DataSource | Monitors SNMP interfaces for FortiGate devices. |
FortiGate: High Availability Peers | DataSource | Monitors FortiGate HA peer performance metrics. |
FortiGate: High Availability | DataSource | Monitors FortiGate high availability status. |
FortiGate: Global Statistics | DataSource | Monitors FortiGate global performance metrics such as CPU, memory, disk and session. |
FortiGate: FortiGuard | DataSource | Monitors FortiGuard HTTP/HTTPS metrics. The FortiGuard Intrusion Prevention Service provides the latest defenses against stealthy network-level threats. It uses a customizable database of more than 11000 known threats to enable FortiGate and FortiWiFi appliances to stop attacks that evade conventional firewall defenses. |
FortiGate: Firewall Policies | DataSource | Monitors firewall policy packet transmission and data throughput. |
FortiGate: Dialup VPN Peers | DataSource | Monitors dial-up VPN peer information. |
FortiGate: Antivirus | DataSource | Monitors Antivirus detection and blocked activity. |
FortiGate: Active IPSec VPN Tunnels | DataSource | Monitors active IPSec VPN tunnels, organized by VDOM. |
Fortinet_FortiGate_HA | TopologySource | Maps Fortinet FortiGate standalone, active-active, and active-passive HA |
Fortinet_FortiGate_SDWAN | TopologySource | Maps Fortinet FortiGate SD-WAN |
When setting static datapoint thresholds on the various metrics tracked by this package’s DataSources, LogicMonitor follows the technology owner’s best practice KPI recommendations. If necessary, we encourage you to adjust these predefined thresholds to meet the unique needs of your environment. For more information on tuning datapoint thresholds, see Tuning Static Thresholds for Datapoints.