07-09-2012 04:45 AM
I am using NNMi v9.10 p3.
I am unable to discover fortinet Generic firewall with sys objectid: enterprises.123220.127.116.112
Can someone please tell this device is certified in NNMi or not?
I have checked in MIB variable, its not showing there.
Please tell how i can discover this in NNM.
07-09-2012 08:58 AM
First thing to check would be if that device is listed on Device Support Matrix. Let's have a look at:
HP Network Node Manager i Software (NNMi) Device Support Matrix->
Second, what are the steps you followed to add the device ? Are you using node seeds (ie nnmloadseeds.ovpl)?. You can also use the nnmnoderediscover.ovpl script to add nodes to the NNMi discovery queue. See the nnmnoderediscover.ovpl reference page, or the UNIX manpage, for more information
The views expressed in my contributions are my own and do not necessarily reflect the views and strategy of HP.
If you find this or any post resolves your issue, please be sure to mark it as an accepted solution, If you are satisfied with anyone’s response please remember to give them a KUDOS and show your appreciation.
07-09-2012 09:28 AM
Did you try to seed it like so nnmloadseeds.ovpl -n <Fortinet device> on some devices auto discovery may not work (see the NNMi release notes) , even if the device is not on the device support list NNMi must discover any device that respond to SNMP and/or ICMP if you properly configured your discovery rules.
Hope this helps.
07-10-2012 03:27 AM - edited 07-10-2012 03:28 AM
Device is already certified in device matrix.
I have tried nnmloadseeds.ovpl but still after discovery, device discovered as <non-snmp>.
After configuration poll its showing following message:
I have checked that SNMP is configured at device end for NNM application.
Please suggest what is the problem??
07-10-2012 03:57 AM
You need to ensure that there is a permit rule defined on the firewall that allows SNMP access via UDP port 161 on an interface that is reachable by your NNMi server.
SNMP need to be enabled on the firewall.
A defined Read Only community on the firewall must match what you have configured in either a communication region or default rule.
Andy Kemp, CISSP
07-19-2012 11:52 PM
For the SNMP communication i have checked with nnmsnmpwalk.ovpl.
This command takes around 1 hour in execution, that why in configuration poll its showing 'No SNMP' may be it get Timed out.
I can increase the Timed out and number of retries but it wouldn't solve problem to discover new devices. which i am facing in to discover these fortigate firewalls.
Due to this issue in my enviroment already 40% of devices are in Minor state, showing "No SNMP response"
even communication is there.
07-20-2012 06:05 PM
If it's taking an hour to complete snmpwalk, and you've got devices in production showing "No SNMP access", then I'd be tempted to push it back to Fortinet, and ask them why it takes so long to get SNMP responses.
Does it just slowly keep returning results, or are there certain OIDs that take a long time to respond?
07-26-2012 12:00 PM
Assumed that you have access to device and is using correct community, I suggest to you insert the mib for this device (that follows attached with documentation) and do the properly configuration if you need specific data from fortinet.