search

librenms / librenms

Community-based GPL-licensed network monitoring system
https://www.librenms.org
Other
3.82k stars 2.28k forks source link

Fortios v7 BGP idle #14833

Open dimex032 opened 1 year ago

dimex032 commented 1 year ago

The problem

Hello, after update our Fortigates in version 7 (7.2.3) have a problem with bgp status monitoring in librenms (look on screenshot). As we can see, it possilble, to be cause fortinet add in new version in iso.3.6.1.2.1.15.3.1.7.172.28.1.10 = IpAddress: xxx one more index - iso.3.6.1.2.1.15.3.1.7.172.28.1.10.1 = IpAddress: xxx. ( probably vdom index) How could u help with this? probably do some bugfix?

Output of ./validate.php

===========================================
Component | Version
--------- | -------
LibreNMS  | 23.1.0-19-gaa033ec3c
DB Schema | 2022_08_15_084507_add_rrd_type_to_wireless_sensors_table (248)
PHP       | 8.1.13
Python    | 3.7.3
Database  | MariaDB 10.3.34-MariaDB-0+deb10u1
RRDTool   | 1.7.1
SNMP      | 5.7.3
===========================================

[OK]    Composer Version: 2.5.2
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database Schema is current
[OK]    SQL Server meets minimum requirements
[OK]    lower_case_table_names is enabled
[OK]    MySQL engine is optimal
[OK]    Database and column collations are correct
[OK]    Database schema correct
[OK]    MySQl and PHP time match
[FAIL]  Both Dispatcher Service and Python Wrapper were active recently, this could cause double polling
[OK]    Dispatcher Service is enabled
[OK]    Locks are functional
[OK]    Python poller wrapper is polling
[OK]    Redis is unavailable
[OK]    rrd_dir is writable
[OK]    rrdtool version ok

What was the last working version of LibreNMS?

No response

Anything in the logs that might be useful for us?

No response

vacumet commented 1 year ago

This looks related to my issue with 7.2.X firmware: https://github.com/librenms/librenms/issues/14898

rudybroersma commented 7 months ago

I opened a ticket with FortiNet TAC regarding this issue. Ticket ID 9203141.

FortiNet has acknowledged the issue and there will be a workaround in 7.2.8 and 7.4.something They will add a configuration parameter to remove the vDOM ID from the bgpPeerTable index.

config system snmp sysinfo
  set append-index {enable | disable }
end

Additionally you can configure multiple SNMP community strings or v3 users in 7.2 and up and bind that to a vDOM: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-SNMP-when-VDOM-is-enabled/ta-p/194853

I still feel it's a dirty hack to have a configuration parameter to restore MIB compliancy, but it works.

murrant commented 7 months ago

sigh, why didn't they just put the table with the vdom id in their own enterprise oid instead of breaking the standard BGP MIB.

andreas1o commented 5 days ago

Any update on this ? or anyone working on a patch ?