Dear friends of Check_MK and Fortigates,
I would like to clarify something related to Fortigate checks that I did maintain a long period of time. Those checks ran pretty well (from my point of view) and were useful in the versions of Check_MK before 1.4. Starting from 1.4 Check_MK has some strong Fortigate checks, which work quite well and those make the further development of my checks (almost) not reasonable anymore.
This is the reason, why I stopped maintaining my checks. Of course, I am still missing the check related to FAPs (Fortinet Access Points) and I don’t like the built-in VPN check very much (N tunnels from L are down).
So, please share your ideas with me and others in the comments, what kind of Fortigate checks you are missing in Check_MK 1.4 or what checks from my package you would like to see updated for Check_MK 1.4.
Those of you who are suffered by the issue with duplicated service description, which is caused by a conflict of two different named checks: one built-in in Check_MK starting from 1.2.8 and one of mine.
This special version has other service descriptions and check names. The functionality is the same as in the version 2.3.
You can download the Check_MK package at the temporary place.
Update: After Robert had reported that the new version didn’t work under 1.2.8 and 1.4 versions of Check_MK, I have figured out that the plugin didn’t work (ran into an exception) because of a change between the versions 1.2.6 and 1.2.8 of Check_MK: the global variable nagios_state_names was renamed in core_state_names. Therefore I’ve created an updated version and am waiting for a confirmation, if this new version is working.
Once again I have uploaded a new version of the Fortigate Check_MK plugin to Check_MK Exchange. The new version 2.3 got a new check called fortigate-wlan-info. This check is intended to display the following information about the usage of Fortiinet Access Points (FAP), connected to the monitored Fortigate:
- Number of active FAPs
- Numer of missed FAPs or those in down state
- Numer of mobile clients connected to all FAPs
The new check has a Perf-O-Meter as well as an adjusted PNP4Nagios template.
The new vesion of the plugin can be (hopefully soon) downloaded from Check_MK Exchange.
the only change is related to the check fortigate_mem. I have changed the evaluation of the parameters in the check. Now it’s possible to set warning and critical values in WATO. The old version did’t work and raised an exception.
I have uploaded the new version to Exchange of Check_MK. It should become available shortly.
I’ve updated the package to the version 2.2.3. Please consider updating to the new version some time. The change concerns only the check fortigate_ipsec and corrects a bug, that can cause an issue, when a IPSec tunnel doesn’t exist anymore. In this case the check can disturb the execution of other checks and make it not possible to re-execute the inventory.
The new version 2.2.3 is located as always on the check_mk exchange site.
again there has been a bug in the OID in the check fortigate_sessions. Or maybe I didn’t create the package carefully enough. Anyway there is a new version 2.2.2 and it’s located as always on the check_mk exchange site. Please consider updating as soon as possible, because the version 2.2.1 collects wrong values.
I’ve just uploaded a new version of the check to Check_MK Exchange site. This is a bug fixing version, is doesn’t contain any new features.
The new version includes a minor bug fix in fortigate_sslvpn check. I corrected the OID used there to get the value of the active SSL VPN sessions. The old versions might show a wrong number of active sessions. Please update the package.
If you’ve got a fresh Fortigate and want to configure it as HA, you have to prepare something, because the factory-standard configuration doesn’t let you to enabled High Availability.
The preparation steps are as follows:
- Remove DHCP server settings
- Remove existing firewall policies
- Set the interface mode for all interfaces to static, because pppoe and dhcp modes are not supported in a HA cluster environment
- Set the hostname
- Set the mode for interfaces to internal-switch-mode interface
Continue reading →